I really ought to do something with basic firewalling of Ubuntu (which is what it is running now)on my remote, hosted Raspberry Pi. But I am way to foggy to get stuck in to using the less friendly *nix firewalling tools such as raw IPTABLES, and there is little point if I simply get it all wrong anyway, so being sure of the results would need to be part of the deal. I think my options are to use a friendlier configuration tool for idiots, such as myself, or get a basic potted configuration from somewhere which I can just edit. Something that says all inbound=deny, all outbound=allow, does Dracula and the Virgin stateful firewalling to allow inbound conversations if initiated from outbound and enables all the related ICMPv6 inbound being allowed too.
The danger in my case is that the slightest mistake would mean I lock myself out for good. I am wondering about setting some job going on a delta timer to disable the firewall, as a safety switch. Probably the best would be to have the timer retriever itself or the job set a new timer, or whatever, but repeating every ten minutes or so.
I decided to give ufw a try -
And as my safety measure I tried the following
( sleep 500 ; ufw disable ) &
And then something like
ufw disable & ufw default deny incoming & ufw default allow outgoing
ufw allow from 2001:8b0:xxx::/48 & ufw enable
Where the latter IPv6 address range is my own IPv6 allocation
Sound reasonable?
What next?