I just set up a Minecraft server on an old laptop, but to make it accessible I needed to open up a port. Currently, these are the ufw rules I have. When my friends want to connect, I will have them find their public IP and I'll whitelist only them. Is this secure enough? Thanks

```
Status: active

To                         Action      From
22/tcp                     ALLOW       Anywhere
Anywhere                   ALLOW       my.pcs.local.ip
```

Also, Minecraft is installed under a separate user, without root privilege.

  • Swarfega@lemm.ee
    2 months ago

    More effort than I would consider. I’d just allow all traffic incoming on that port. I’d only consider whitelist if someone was giving me grief. Even then that would be after blacklisting an IP wasn’t solving my problem.

    • IphtashuFitz@lemmy.world
      2 months ago

      Port 22 is the default SSH port and it receives a TON of malicious traffic any time it’s open to the whole internet. 20 years ago I saw a newly installed server with a weak root password get infected by an IP address in China less than an hour after being connected to the open internet.

      With all the bots out there these days it would probably take a lot less time if we ran the same experiment again.

      • Swarfega@lemm.ee
        2 months ago

        Ha. That’s my bad. I didn’t even read the firewall rules listing 22/SSH. I agree on not opening 22 to the world. It just invites bots throwing passwords at it.

        I just read Minecraft in the original post which from reading runs from 25565 which I wouldn’t worry about. If OP needs 22 for admission I’d either whitelist it or use a VPN/Tailscale.

        • Zangoose@lemmy.world
          2 months ago

          25565 also gets a decent amount of malicious traffic because of Minecraft though. I’d recommend switching the port to something different at the very least. When I hosted a server for the first time on 25565 my router pretty immediately gave me warnings about attempted network traffic coming from Europe/Asia when I (and everyone I gave the IP to) live in the US.
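Added example, not from any poster in the thread: a small check that reads `ufw status` output and lists every port allowed from Anywhere, which is the exposure the replies point out for 22/tcp. The two rule listings and all IP addresses in them are constructed samples, and the function names are made up for this sketch.

```shell
#!/bin/sh
# Constructed sample: rules shaped like the ones posted above (SSH open to all).
BEFORE='Status: active

To                         Action      From
22/tcp                     ALLOW       Anywhere
Anywhere                   ALLOW       192.168.1.50'

# Constructed sample: SSH limited to one LAN host, Minecraft limited to two
# friends' addresses. Rules of this shape come from commands such as
#   ufw allow from 192.168.1.50 to any port 22 proto tcp
#   ufw allow from 203.0.113.7 to any port 25565 proto tcp
AFTER='Status: active

To                         Action      From
22/tcp                     ALLOW       192.168.1.50
25565/tcp                  ALLOW       203.0.113.7
25565/tcp                  ALLOW       198.51.100.23'

# Read `ufw status` text on stdin; print the "To" value of every ALLOW rule
# whose source is Anywhere (IPv4 or the "(v6)" variant).
world_open_rules() {
    awk '{
        act = 0
        for (i = 1; i <= NF; i++) if ($i == "ALLOW") { act = i; break }
        if (act < 2) next             # status line, header, blank, non-ALLOW
        src = act + 1
        if ($src == "IN") src++       # verbose output prints "ALLOW IN"
        if ($src == "Anywhere") print $1
    }'
}

# Succeeds (exit 0) when the given port is reachable from any address.
# usage: sudo ufw status | port_open_to_world 22
port_open_to_world() {
    world_open_rules | grep -Eq "^$1(/tcp)?\$"
}

for name in BEFORE AFTER; do
    eval "rules=\$$name"
    open=$(printf '%s\n' "$rules" | world_open_rules | tr '\n' ' ')
    echo "$name: world-open ports: ${open:-none}"
done
```

On a live host the same functions take `sudo ufw status` on stdin instead of the sample variables.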