This is probably a hacky way to go about things, but if I don't write it down, I know I'll have forgotten it by the time maintenance comes around in 2033…

TL;DR: use ufw but ensure you can access ssh.


ufw - Uncomplicated Firewall

Although when I'm maintaining a machine directly I'm likely doing it through AWS, and AWS does also have IP level security, it (AWS) is a pain to navigate and I often get lost. Plus, knowing ufw is useful away from AWS.

ufw is a firewall tool that (in my case) was disabled by default, and when enabled, denies all incoming traffic - including my own SSH connections.

So, this is a short primer (and reminder) for future me.

$ sudo ufw status # expecting "disabled"
$ sudo ufw allow ssh # let us back in using SSH
$ sudo ufw allow https # because I'm usually running a server
$ sudo ufw enable

Now test that a new SSH connection still gets in, importantly without closing the current connection.

This puts the firewall in place. Now if I want to block an individual IP address:

$ sudo ufw deny from 1.2.3.4 to any

Now any requests from 1.2.3.4 are discarded at the network level, allowing my server to happily carry on without wasting resources on a client that's been configured to automatically request from my machine multiple times a second with the wrong API key…
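One caveat: ufw evaluates rules in order and stops at the first match, so a deny appended after `allow ssh` and `allow https` never sees traffic to those ports; `sudo ufw insert 1 deny from 1.2.3.4 to any` puts it ahead of them. This is an added check, not from the original post: a function that reads `sudo ufw status numbered` output and reports whether the deny for an IP is effective, run here on constructed sample output (the rule numbers and the IP are made up for the example).

```shell
#!/bin/sh
# Report whether the per-IP DENY rule in `ufw status numbered` output comes
# before any ALLOW rule. ufw uses the first matching rule, so a DENY listed
# after an ALLOW for the same port is shadowed for that port.

# Constructed sample: the post's four commands, then `ufw deny from 1.2.3.4
# to any`, which ufw appends after the existing allow rules.
SAMPLE_APPENDED='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 443/tcp                    ALLOW IN    Anywhere
[ 3] Anywhere                   DENY IN     1.2.3.4
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 443/tcp (v6)               ALLOW IN    Anywhere (v6)'

# Constructed sample: same ruleset after `ufw insert 1 deny from 1.2.3.4 to any`.
SAMPLE_INSERTED='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     1.2.3.4
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 443/tcp (v6)               ALLOW IN    Anywhere (v6)'

# deny_position STATUS_TEXT IP
# Prints "effective" when the DENY for IP precedes every ALLOW rule,
# "shadowed" when some ALLOW rule comes first, "missing" when there is none.
deny_position() {
  printf '%s\n' "$1" | awk -v ip="$2" '
    /^\[ *[0-9]+\]/ {
      # Rule number sits inside the leading brackets.
      n = $0; sub(/^\[ */, "", n); sub(/\].*/, "", n); n = n + 0
      if ($0 ~ /DENY/ && index($0, ip) > 0 && first_deny == 0) first_deny = n
      if ($0 ~ /ALLOW/ && first_allow == 0) first_allow = n
    }
    END {
      if (first_deny == 0) print "missing"
      else if (first_allow != 0 && first_allow < first_deny) print "shadowed"
      else print "effective"
    }'
}

# Live use on a real host: deny_position "$(sudo ufw status numbered)" 1.2.3.4
```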

Fair warning

As I mentioned, this feels like a bit of a fast and loose approach, and this wouldn't get me a job as head of Ops in Big Corp. But it works for me. Your mileage may vary!