I just setup a minecraft server on an old laptop, but to make it acessible i needed to open up a port. Currently, these are the ufw rules i have. when my friends want to connect, i will have them find their public ip and ill whilelist only them. is this secure enough? thanks

`Status: active

To Action From

22/tcp ALLOW Anywhere Anywhere ALLOW my.pcs.local.ip`

also, minecraft is installed under a separate user, without root privlege

  • just_another_person@lemmy.worldEnglish
    63·
    5 months ago

    You cant. You can only do your best to make it as secure as possible, but given enough time, someone can break it.

    Basic tips:

    • don’t run any services on their defaults ports
    • don’t allow password auth for any exposed service. Ever.
    • run intrusion detection (fail2ban for simple ssh / Crowdsec for something a little beefier)

    For ssh specifically, lock down your sshd config, make sure only key-based auth is enabled, and maybe as an extra step, create a dedicated user, and jail it by only allowing it access for the commands you need to interact with.