I think I have now standardised my server choice on Ubuntu Server. It seems to have everything I need available as packages and, more importantly, supports version upgrades in place (and they actually work).
The other nice thing is the introduction of a simple firewall app to manage the iptables.
Only hardcore hackers and serious sys admins remember the syntax for adding rules to iptables, and even then I’m sure they still need to read the man page once in a while.
So let's take a look at the new firewall config tool, ufw. It's probably not that new, but it's new to me.
It makes it really easy to add simple rules, like
ufw allow http (allow http access)
but once you get a multi-NIC machine it is still a bit complex to work out how to allow some traffic and not others.
This is the basic syntax to limit service access based on IP address:
ufw allow from 10.11.12.0/24 to any port 5222
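For the multi-NIC case, ufw can also bind a rule to the interface the traffic arrives on. The script below is an added example, not part of the original post: it validates the source subnet and port, then prints an interface-bound rule set. The interface names eth0 and eth1, the `proto tcp` choice and the `--apply` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. eth0/eth1 and "proto tcp" are
# assumptions; swap in the real interface names and protocol.

# Succeed only for a well-formed IPv4 address or CIDR such as 10.11.12.0/24.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ufw command letting SRC reach PORT/PROTO on traffic arriving on IFACE.
# Bad input prints nothing and returns 1, so a typo never becomes a rule.
build_rule() {
    iface=$1 src=$2 port=$3 proto=${4:-tcp}
    case $iface in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    valid_cidr "$src" || return 1
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    printf 'ufw allow in on %s from %s to any port %s proto %s\n' \
        "$iface" "$src" "$port" "$proto"
}

# Rule set for a host with eth0 (public) and eth1 (internal 10.11.12.0/24).
plan() {
    echo 'ufw default deny incoming'
    build_rule eth1 10.11.12.0/24 5222 tcp                # 5222 only from the LAN side
    echo 'ufw allow in on eth0 to any port 80 proto tcp'  # http only via the public NIC
}

# Print the commands by default; run them (as root) only with --apply.
if [ "${1:-}" = "--apply" ]; then plan | sh; else plan; fi
```

After applying, `ufw status verbose` shows the resulting rules together with the default policy.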
Hopefully I’ll remember this note is here and check back later, and for anyone else who has had luck searching for this stuff, I hope these comments were useful.