From 3011afd325df0f02719ad9cf35838eee0365e970 Mon Sep 17 00:00:00 2001 From: who am i Date: Fri, 5 Mar 2021 11:05:50 +0100 Subject: [PATCH] Update page 'This guide should help new users to secure "harden" their Oxen Service Node.' --- ...e-%22harden%22-their-Oxen-Service-Node..md | 23 +++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node..md b/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node..md index 53f9d76..527b087 100644 --- a/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node..md +++ b/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node..md @@ -178,7 +178,7 @@ sudo ufw enable UFW will show you a ssh-warning which you can now accept by typing a ‘yes’ and hit Enter to continue. -You should close all ports and explicitly open all ports which oxen service nodes requires to operate with the Loki network. Luckily, the latest deb package is doing the job for you. So, hereafter just a list of oxen service node ports: +You should close all ports and explicitly open all ports which oxen service nodes requires to operate with the oxen service node network. Luckily, the deb package is doing the job for you. To ensure that all required ports are open you can command the following: 
@@ -191,8 +191,27 @@ sudo ufw allow 22023/tcp sudo ufw allow 22025/tcp ``` -Remark: As long as you are using the standard ports. This port rules are defined in `/etc/ufw/applications.d` (for the deb package only). +Remark: +As long as you are using the standard ports. This port rules are defined in `/etc/ufw/applications.d` (for the deb package only). + +Further explanations: +Inbound traffic should allow following ports: +**1090/udp** for the **lokinet-router** +**22022/tcp** for **oxend** p2p +**22025/tcp** for ** quorum/blink** communication +**22021/tcp** for **storage server**: for remote clients to talk to service node +**22020/tcp** for **storage server**: service nodes talking to other service nodes. + +Outgoing traffic should be allowed for all ports. +If you want to run a testnet node, following ports should be open for inbound traffic: +ports 38156, 38159/tcp for oxen-daemon +ports 38154, 38155/tcp for oxen-storage-server + +Verify and double-check that UFW is working properly and all ports are set correctly: +``` +sudo ufw status +``` Optionally, if you do not need *ipv6* connection you can delete this rules by modifying the general UFW settings.
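Review bot: In the first hunk (@@ -178,7 +178,7 @@), the replacement sentence says the deb package "is doing the job for you" and then immediately tells the reader to run the commands anyway, so it is unclear whether the `ufw allow` lines that follow are required or only a check. Suggest saying when the manual commands are needed (for example, when the node was not installed from the deb package, if that is the intent). The wording could also be tightened while this line is being touched: "which oxen service nodes requires" should read "which an Oxen service node requires", and "you can command the following" reads better as "run the following commands".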
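Review bot: In the second hunk (@@ -191,8 +191,27 @@), the added "Further explanations" list does not account for every port the commands above it open: the context line `sudo ufw allow 22023/tcp` allows a port that the list never mentions, so a reader cannot tell what 22023/tcp is for or whether it still needs to be open. Either add 22023/tcp to the list with its purpose or remove it from the commands. Two smaller points in the same block: `** quorum/blink**` has a space after the opening `**`, which stops Markdown from rendering it as bold, and "ports 38156, 38159/tcp" leaves the protocol of the first port implicit, so each testnet port should be written with its own protocol suffix. The "Remark:" text moved onto its own line still starts with the fragment "As long as you are using the standard ports." followed by "This port rules"; joining the two into one sentence ("These port rules are defined in ... as long as you are using the standard ports") would fix both.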