IMHO: It is better to have a firewall and block (policy -- drop) INPUT and FORWARD by default.
And open only ports that must be opened.
This will help if you install some software that listens for 0.0.0.0 by accident
On Mon, May 30, 2022 at 07:13:54AM -0500, Tom Browder wrote:
> No worries. All those responses about the subject IP now are the norm for a
> bare-iron server ready for use by a customer, yours truly. It is the same
> server I messed up the firewall with and locked myself out of. The OS has
> been reinstalled and is ready for me to use again.
Why are you installing a firewall on a web server *at all*?
The only thing you need to secure is your ssh access, and that's
usually done in the /etc/ssh/sshd_config file, either by setting
up key access only, or by restricting the source IPs who can connect.
The web service is supposed to be open to the whole world. That's
why it's called the World Wide Web.
Unless this machine is more than just a web server...?