I’ve been searching in this forum for an answer to this but couldn’t find one, apologies if this is a duplicate.
I have an Ubuntu 18.04 host running on a VPS with two containers, each of which runs Debian buster. One of those containers is running Caddy as a reverse proxy and the other is running an XMPP server. I am using proxy devices to forward the following ports:
- tcp:80 & tcp:443 --> Caddy (type proxy)
- tcp:5222, tcp:5000, tcp:5269 --> XMPP (type proxy)
When I run `# netstat -tulpn` on my host I see that in addition to these ports ports `67` are also open with the programs `systemd-resolve` listening on those ports. In addition to port `22` for ssh, which I expect.
I would like to secure the host machine with a firewall (UFW preferably) but I am not sure which ports to allow to/from the host machine. Are ports
Should I be using proxy devices to forward these ports to the requisite containers? It seems simple but I’ve noticed that each spawns a `forkproxy` process that consumes 1.3% memory on average. Would using IPTables be a better option?