Security guide for stakepool operators

In the past, we have mostly focused with our guides on maximizing the performance of the stakepools, while having the best experience possible. However, as we are moving closer and closer to the Shelley mainnet release, security is going to play a more and more important role. On the ITN, security doesn’t matter that much, simply because the rewards are frozen. Though, this will not be the case anymore on mainnet. Because of that, it’s essential for stakepool operators to start learning advanced security measures (such as the use of firewalls), so they can ensure that their nodes will constantly remain fully secure.

In this first part of the security guide, you will be learning how to easily deploy firewalls, while still letting your node safely interact with the network!


I started going through your guide thinking that it was for the Haskell.


Oh, well, you can actually also do it for the Haskell guide; simply open the ports you are using for your relay nodes with the following command:

sudo ufw allow proto tcp from any to any port PortOfYourRelayNode

Though, the port of your block-producing node should remain closed if I’m not mistaken, as you don’t want it to get in touch with the network, and you don’t want anyone but you to be able to access it.
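Added example, not part of the thread or the guide: a dry-run helper that prints the ufw commands for a relay or a block-producing node so they can be reviewed before being run. The ports (3000, 3001), the relay address 203.0.113.10, SSH on port 22, and the producer rule that admits only your own relay's IP are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints ufw commands per node role; it does not run them.

# valid_port PORT -> status 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ufw_rules ROLE PORT [RELAY_IP]
#   relay    : node port reachable from any address (the command from the thread)
#   producer : node port closed to the public; only RELAY_IP may connect
#              (assumption: RELAY_IP is a relay you operate yourself)
ufw_rules() {
    role=${1:-} port=${2:-} relay_ip=${3:-}
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    case "$role" in
        relay)
            rule="sudo ufw allow proto tcp from any to any port $port" ;;
        producer)
            [ -n "$relay_ip" ] || { echo "producer needs a relay IP" >&2; return 1; }
            rule="sudo ufw allow proto tcp from $relay_ip to any port $port" ;;
        *)
            echo "unknown role: $role" >&2; return 1 ;;
    esac
    echo "sudo ufw default deny incoming"    # everything not listed stays closed
    echo "sudo ufw default allow outgoing"
    echo "sudo ufw limit 22/tcp"             # keep SSH reachable, rate-limited (assumes port 22)
    echo "$rule"
    echo "sudo ufw enable"
    echo "sudo ufw status verbose"           # review the active rule set
}

# Constructed sample values (203.0.113.0/24 is a documentation range).
ufw_rules relay 3001
ufw_rules producer 3000 203.0.113.10
```

The SSH rule is printed before `ufw enable` so that switching to default-deny does not cut off your own remote session.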

Do you have any advice as to port forwarding?

Thanks for your time!