Hi,
I have 2 droplets, one containing my DB and one my app.
On the DB droplet I have UFW installed, allowing only the IP of the droplet of my app; however, when I ping the IP from my laptop it returns data.
Is this supposed to be - I would have expected it to not do that?
Only my app droplet should have access to that DB droplet - absolutely nothing else.
Thanks.
@psmod2
You’ll need to edit /etc/ufw/before.rules and modify two lines – in both cases, we’re replacing ACCEPT with DROP.
#01
to
#02
to
… and then run sudo ufw disable && sudo ufw enable.
You can also edit /etc/sysctl.conf and drop in:
… then run sudo sysctl -p to load the changes.
Once these changes have been made, you should see something similar to:
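
An added example, not part of the answer above and not ufw's own tooling: a shell check that lists any ICMP echo-request rule in a before.rules file that still jumps to ACCEPT, so the edit can be verified before reloading. It assumes the two lines the answer refers to are the echo-request rules in the ufw-before-input and ufw-before-forward chains; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the two lines the answer
# changes are the ICMP echo-request rules in the ufw-before-input and
# ufw-before-forward chains. Function names here are hypothetical.

# find_ping_accept FILE
#   Prints "LINE_NUMBER:RULE" for each active rule in FILE that matches ICMP
#   echo-request (symbolic name only) and still jumps to ACCEPT.
#   Returns 0 if none remain, 1 if any are found, 2 if FILE is unreadable.
find_ping_accept() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    awk '
        /^[ \t]*#/ { next }    # commented-out rules are inactive
        /-p[ \t]+icmp/ && /--icmp-type[ \t]+echo-request/ && /-j[ \t]+ACCEPT/ {
            print NR ":" $0
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample modelled on the ICMP section of a stock before.rules.
write_sample_rules() {
    cat > "$1" <<'EOF'
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT
EOF
}

# Demo: audit the sample, then a copy with the echo-request rules set to DROP.
demo() {
    tmp=$(mktemp -d) || return 2
    write_sample_rules "$tmp/before.rules"
    echo "before edit:"
    find_ping_accept "$tmp/before.rules" || true
    sed '/echo-request/s/-j ACCEPT/-j DROP/' "$tmp/before.rules" > "$tmp/edited.rules"
    if find_ping_accept "$tmp/edited.rules"; then
        echo "after edit: no echo-request rule jumps to ACCEPT"
    fi
    rm -rf "$tmp"
}
demo
```

On a real host, point find_ping_accept at /etc/ufw/before.rules after editing it; the file is normally readable only by root.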
Thanks - so as a security precaution, is this something commonly followed? (I only randomly thought about it).
Also - is there anything else I should also implement in addition to my UFW? Setting up fail2ban later today as well?