Firewall Creation Tutorial Missing

#1

Hi Craig, I have been following the tutorials on your YouTube Playlist but now I am a bit stuck because my web server didn’t come with a firewall or that’s at least how it seems to be.
I don’t have any firewall despite following your tutorial step by step and I used your referral code to sign up into Digital Ocean so I didn’t have to spend any more money to learn Magento other than the $5 dollars to verify my account.

The video I was watching but I am stuck on:
Migrate Magento to another server - Magento 2 Tutorial

I made two droplets, one following your tutorial till the end and the other till 40 minutes as you said.
How to install Magento 2.3 (from scratch) - Magento 2 Beginner Tutorials

I went into the droplet and to network and at the bottom it says I haven’t applied any firewall.
I also don’t have any firewall to apply it to.

I see you writing. I created a new firewall by looking at what you had, except for the HTTPS, since I haven’t enabled SSL.

I had problems accessing the terminal in PuTTY if I whitelisted my IP addresses in SSH, so I had to allow all IPv6 and IPv4 addresses, but the Droplet terminal on DigitalOcean worked fine either way.

#2

Hi @Paolo_Di_Bello and welcome.

Creating a firewall is pretty simple. Go to…

  1. Click Networking
  2. Click Firewalls
  3. Click Create Firewall
  4. Give it a name
  5. Add Inbound Rules for SSH, HTTP and HTTPS for your IP address**
  6. Type the name of your Droplet at the bottom under Apply to Droplets
  7. Press Create Firewall

**Note: “All IPv4” and “All IPv6” means “all public traffic”. So, remove those from Sources if necessary.

And that’s it. The DigitalOcean Documentation for How to Create Firewalls is worth a read.

You can also micromanage everything from the Command Line Interface. But if you’re using DigitalOcean then you may as well stick with that because it’s much easier to manage.

A little tip for Managing Firewalls
Only really useful if you manage a team or lots of individuals.

Droplets can have multiple Firewalls applied to them. So, because I have a lot of different IP addresses that access my Droplets I name them for each group.

For example, let’s say I have 3 Static IP addresses. I’d create a firewall called “Craig” and add those 3 IP addresses. Then I’d create one for Public access called “Public”. And finally, I might create another one for 3rd party developers called “ThirdParty”.

Doing it this way allows you to easily control who can and cannot access your Droplets, without the need to micromanage each firewall.

1 Like
#3

This opens the door to brute force attacks. If allowing IPv6 and IPv4 allowed you to connect, then you must not have entered your own IP in correctly the first time.

#4

@digitalstartup Do you mean I haven’t whitelisted the IP addresses correctly?

Also, one tip I have for you: since you have the migration tutorial right after the one on setting up Magento on DigitalOcean, you could also have a link somewhere in your article on creating a firewall on DigitalOcean, even if it’s pretty much just giving it a name, so people don’t get confused as I did.

#5

I’ve added a note to the Post based on your feedback.

SSH should only have your IP Address. Absolutely no reason for anyone else to be able to access your web server for SSH or SFTP.

1 Like
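
The check below is an added example, not part of the thread or of DigitalOcean's tooling: it audits a set of firewalls applied to one Droplet for an SSH rule whose source is "All IPv4" or "All IPv6". The firewall data is a constructed sample shaped like DigitalOcean's `inbound_rules`, the function names are hypothetical, and it assumes that rules from all applied firewalls add up and that `"0"` or `"all"` in `ports` means every port.

```python
import ipaddress

# Constructed sample, shaped like the inbound_rules of DigitalOcean firewall
# objects. Names follow the thread's tip; 203.0.113.x are documentation IPs.
FIREWALLS = [
    {"name": "Craig", "inbound_rules": [
        {"protocol": "tcp", "ports": "22",
         "sources": {"addresses": ["203.0.113.10", "203.0.113.11"]}}]},
    {"name": "Public", "inbound_rules": [
        {"protocol": "tcp", "ports": "80",
         "sources": {"addresses": ["0.0.0.0/0", "::/0"]}},
        {"protocol": "tcp", "ports": "443",
         "sources": {"addresses": ["0.0.0.0/0", "::/0"]}}]},
    {"name": "ThirdParty", "inbound_rules": [
        {"protocol": "tcp", "ports": "1-1024",  # constructed mistake: range includes 22
         "sources": {"addresses": ["0.0.0.0/0"]}}]},
]

def covers_port(ports, port):
    """True if a ports string ("22", "8000-9000", "0"/"all") includes port."""
    if ports in ("0", "all"):  # assumption: both spellings mean every port
        return True
    low, _, high = ports.partition("-")
    return int(low) <= port <= int(high or low)

def is_world(address):
    """True for sources meaning "all public traffic" (prefix length 0)."""
    return ipaddress.ip_network(address, strict=False).prefixlen == 0

def world_open(firewalls, port=22, protocol="tcp"):
    """Return (firewall name, source) pairs exposing port to everyone.

    Assumes rules from every firewall applied to a Droplet add up, so a
    single wide rule in any of them exposes the port.
    """
    findings = []
    for fw in firewalls:
        for rule in fw.get("inbound_rules", []):
            if rule["protocol"] != protocol or not covers_port(rule["ports"], port):
                continue
            for src in rule.get("sources", {}).get("addresses", []):
                if is_world(src):
                    findings.append((fw["name"], src))
    return findings

if __name__ == "__main__":
    for name, src in world_open(FIREWALLS):
        print(f"SSH reachable from {src} via firewall {name!r}")
```

On the sample, the "Craig" firewall restricts SSH correctly, but the wide port range in "ThirdParty" still exposes port 22 to all IPv4 sources.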