Securing a node on Linux?

The majority of operators are running on Ubuntu, using the ufw firewall.

The ufw firewall rules I have offhand are as follows, and can be translated into iptables by referencing the port activity

on relay nodes:

ufw default deny incoming
ufw default allow outgoing
ufw limit proto tcp from any to any port [custom ssh port]
ufw allow [relay port]/tcp

on block producer (bp) node:

ufw default deny incoming
ufw default allow outgoing
ufw limit proto tcp from any to any port [custom ssh port]
sudo ufw allow from [relay 1 ip] to any port [bp node port] proto tcp
sudo ufw allow from [relay 2 ip] to any port [bp node port] proto tcp
sudo ufw allow from [relay 3 ip] to any port [bp node port] proto tcp

You will have a difficult time establishing a stable node with 1 GiB of RAM - I recommend 4 GiB, but have relays in test doing alright on 2 GiB for the time being (change of epoch is currently a bit rough on the nodes).

I strongly recommend learning to build transactions manually (not sure if you’re using CNTools for tx building too), as doing so will provide you the framework for building and signing all transactions offline on a cold machine (and then you can move the signed transactions to your hot nodes for submission to the chain). This practice ensures your keys always remain cold and would mitigate theft of funds or pool keys regardless of unauthorized system breach.

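The relay and block-producer rule sets above, as an added POSIX shell example that is not part of the original post: it validates the placeholder values (SSH port, node port, relay IPs) before emitting any `ufw` command, so a typo in a relay address cannot leave the BP node half-configured. The port numbers and addresses used in the usage lines are constructed sample values, not anyone's real infrastructure; review the printed commands and pipe them to `sh` only once they look right.

```shell
#!/bin/sh
# Generates the ufw rule sets from the post, with input validation.
# Nothing is applied unless the output is explicitly piped to a shell.

# True if $1 is an integer in 1..65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  if [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; then
    return 0
  fi
  return 1
}

# True if $1 is a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
  old_ifs=$IFS
  IFS=.
  set -f
  set -- $1
  set +f
  IFS=$old_ifs
  if [ $# -ne 4 ]; then
    return 1
  fi
  for octet in "$@"; do
    case "$octet" in
      ''|*[!0-9]*) return 1 ;;
    esac
    if [ "$octet" -gt 255 ]; then
      return 1
    fi
  done
  return 0
}

# relay_rules SSH_PORT RELAY_PORT
# Emits the relay rule set: rate-limited SSH, relay port open to the world.
relay_rules() {
  if ! valid_port "$1" || ! valid_port "$2"; then
    echo "relay_rules: invalid port" >&2
    return 1
  fi
  printf '%s\n' \
    "ufw default deny incoming" \
    "ufw default allow outgoing" \
    "ufw limit proto tcp from any to any port $1" \
    "ufw allow $2/tcp"
}

# bp_rules SSH_PORT BP_PORT RELAY_IP...
# Emits the block-producer rule set: rate-limited SSH, node port reachable
# only from the listed relay addresses. All inputs are checked first so a
# bad entry produces no output at all rather than a partial rule set.
bp_rules() {
  ssh_port=$1
  bp_port=$2
  shift 2
  if ! valid_port "$ssh_port" || ! valid_port "$bp_port"; then
    echo "bp_rules: invalid port" >&2
    return 1
  fi
  if [ $# -lt 1 ]; then
    echo "bp_rules: at least one relay IP required" >&2
    return 1
  fi
  for ip in "$@"; do
    if ! valid_ipv4 "$ip"; then
      echo "bp_rules: invalid relay IP: $ip" >&2
      return 1
    fi
  done
  printf '%s\n' \
    "ufw default deny incoming" \
    "ufw default allow outgoing" \
    "ufw limit proto tcp from any to any port $ssh_port"
  for ip in "$@"; do
    printf 'ufw allow from %s to any port %s proto tcp\n' "$ip" "$bp_port"
  done
}

# Usage (constructed sample values): print the rules, then apply with
#   bp_rules 2222 6000 10.0.0.11 10.0.0.12 | sudo sh
relay_rules 2222 3001
bp_rules 2222 6000 10.0.0.11 10.0.0.12 10.0.0.13
```

The BP rule set deliberately has no `ufw allow [port]/tcp` line: the node port is opened per relay address only, which is the whole point of the post's BP configuration.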