Last active
March 6, 2026 03:30
setting firewall vps
| # ---Security---- | |
| # Install fail2ban | |
| sudo apt update && sudo apt install fail2ban -y | |
| # Set up UFW - allow SSH first, before enabling | |
| sudo ufw allow 22/tcp | |
| sudo ufw allow 18789/tcp # openclaw gateway | |
| # Enable UFW | |
| sudo ufw enable | |
| # Check status | |
| sudo ufw status verbose | |
| # Once UFW is active, set up fail2ban: | |
| # Create the local jail config | |
| sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local | |
| # Overwrite jail.local with a clean config | |
| sudo tee /etc/fail2ban/jail.local << 'EOF' | |
| [DEFAULT] | |
| bantime = 1h | |
| findtime = 10m | |
| maxretry = 5 | |
| ignoreip = 127.0.0.1/8 | |
| [sshd] | |
| enabled = true | |
| port = 22 | |
| maxretry = 3 | |
| bantime = 2h | |
| findtime = 10m | |
| EOF | |
| # Enable and start fail2ban | |
| sudo systemctl enable fail2ban | |
| sudo systemctl start fail2ban | |
| # Check status | |
| sudo fail2ban-client status | |
| sudo fail2ban-client status sshd | |
| #### Use the rules below if you want to allow access only from a specific public IP ### | |
| # Allow only from your IP (added first so SSH always has a matching allow rule) | |
| sudo ufw allow from YOUR_IP to any port 22 | |
| sudo ufw allow from YOUR_IP to any port 18789 | |
| # Then remove the public rules | |
| sudo ufw delete allow 22/tcp | |
| sudo ufw delete allow 18789/tcp |
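
An added example, not part of the original gist: a dry-run helper for the IP-restricted variant above. It validates the address that replaces `YOUR_IP` (defaulting to the client address in `SSH_CONNECTION`) and prints the `ufw` commands with every allow-from rule ahead of the public-rule deletions. The function names and the `proto tcp` qualifier are choices made for this example.

```sh
#!/bin/sh
# Added example, not part of the original gist.

# Succeed only if $1 is a dotted-quad IPv4 address (each octet 0-255).
valid_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots; positional params are function-local
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Succeed only if $1 is a port number in 1-65535.
valid_port() {
  case $1 in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ufw commands in lockout-safe order: allow-from rules first,
# then deletion of the public rules.
# $1   = admin IPv4 (default: client address of the current SSH session)
# $2.. = ports (default: 22 and 18789, the two ports opened in the gist)
allowlist_plan() {
  ip=${1:-}
  if [ $# -gt 0 ]; then shift; fi
  if [ -z "$ip" ]; then ip=${SSH_CONNECTION:-}; ip=${ip%% *}; fi
  [ $# -gt 0 ] || set -- 22 18789
  valid_ipv4 "$ip" || { echo "refusing: '$ip' is not an IPv4 address" >&2; return 1; }
  # Validate everything before printing, so a bad port yields no partial plan.
  for port in "$@"; do
    valid_port "$port" || { echo "refusing: bad port '$port'" >&2; return 1; }
  done
  for port in "$@"; do
    echo "ufw allow from $ip to any port $port proto tcp"
  done
  for port in "$@"; do
    echo "ufw delete allow $port/tcp"
  done
}
```

Review the printed plan, then apply it with `allowlist_plan | sudo sh`.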