
I don't think low-budget VPS providers typically allow this. That said, fail2ban works OK, as does manual iptables (now nftables) - unfortunately /etc/hosts_allow is deprecated[1].

If you don't know that you'll be able to arrive from an IP or subnet - another option would be port knocking (e.g. knockd). Although, I'd try to avoid adding more code and logic to the mix - that goes for both fail2ban and knockd.

[1] ed: Note, the rationale for this is sound: the firewall (pf or nftables) is very good at filtering on IP - so better avoid introducing another layer of software that does the same thing.



You can't create/edit firewall rules via APIs in some VPS providers?


By "low budget" I read "cheaper than Digital Ocean". I'm not sure how many of them let you specify firewall rules outside of/"in front of" your VM.



