I don't expose my RPi to the public internet (because my Ubuntu server is doing that and I can use it as a gateway to my RPi).
On Ubuntu I got UFW installed as part of the basic software. It's definitely the easiest way to fiddle with the kernel ip tables.
sudo apt-get update
sudo apt-get install ufw
sudo ufw allow ssh
sudo ufw enable
https://help.ubuntu.com/community/UFW has lots of docs for it.
But beware, as soon as an SSH port is open your machine will be attacked from thousands of addresses all the time (changing to port 22222 doesn't work, security by obscurity isn't security). You'll also get a lot of unwelcome visitors hitting port 80 (search engines that don't read robots.txt are the worst, they suck bandwidth and CPU when they hit your webserver).
Here's my most recent unwelcome SSH visitor
Oct 18 14:52:47 the-doctor sshd[30011]: Failed password for root from 207.7.92.99 port 52850 ssh2
So you a) need to check for security fixes for sshd every single day and b) need to ensure that the root user has a password that isn't simple ("1234" or "password" or "root") or a dictionary word.
http://xkcd.com/936/
Here's my latest website hacker
error.log:[Fri Oct 18 01:03:01 2013] [error] [client 58.211.18.184] Invalid URI in request GET <title>phpMyAdmin HTTP/1.1
error.log:[Fri Oct 18 01:03:02 2013] [error] [client 58.211.18.184] File does not exist: /srv/www/homelinux/public-internet/phpmyadmin
They get blocked with a tool called fail2ban (which should work on an RPi since it's written in Python).
To test what's open from your machine to the Public Internet head over to
http://www.yougetsignal.com/tools/open-ports/
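Added example, not part of the original post and not fail2ban's own code: a short Python sketch of the kind of check a log-watching blocker performs, counting failures per source address in the two log formats quoted above and flagging addresses that exceed a threshold inside a time window. The function names, the `max_retry` and `find_time` parameters and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Patterns modelled on the two log formats quoted in the post.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")
APACHE_RE = re.compile(
    r"\[(?P<ts>\w{3} \w{3}\s+\d+ \d\d:\d\d:\d\d \d{4})\] \[error\] "
    r"\[client (?P<ip>[^\]]+)\] (?:Invalid URI in request|File does not exist)")

def parse(line, year=2013):
    """Return (timestamp, ip) for a failure line, or None for anything else."""
    m = SSHD_RE.search(line)
    if m:  # syslog timestamps carry no year, so the caller supplies one
        return datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["ip"]
    m = APACHE_RE.search(line)
    if m:
        return datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"), m["ip"]
    return None

def offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Sorted IPs with max_retry or more failures inside one find_time window."""
    seen = defaultdict(list)
    for hit in filter(None, map(parse, lines)):
        seen[hit[1]].append(hit[0])
    flagged = []
    for ip, stamps in seen.items():
        stamps.sort()  # then compare each stamp with the (max_retry - 1)-th after it
        if any(b - a <= find_time for a, b in zip(stamps, stamps[max_retry - 1:])):
            flagged.append(ip)
    return sorted(flagged)

# Constructed sample lines; addresses are documentation ranges, not real hosts.
SAMPLE = [
    "Oct 18 14:52:47 host sshd[30011]: Failed password for root from 203.0.113.7 port 52850 ssh2",
    "Oct 18 14:52:51 host sshd[30011]: Failed password for root from 203.0.113.7 port 52850 ssh2",
    "Oct 18 14:52:55 host sshd[30013]: Failed password for invalid user admin from 203.0.113.7 port 52861 ssh2",
    "Oct 18 15:00:02 host sshd[30040]: Accepted password for pi from 192.0.2.5 port 40122 ssh2",
    "Oct 18 09:00:00 host sshd[100]: Failed password for root from 192.0.2.77 port 1111 ssh2",
    "Oct 18 10:00:00 host sshd[101]: Failed password for root from 192.0.2.77 port 1112 ssh2",
    "Oct 18 11:00:00 host sshd[102]: Failed password for root from 192.0.2.77 port 1113 ssh2",
    "error.log:[Fri Oct 18 01:03:01 2013] [error] [client 198.51.100.9] Invalid URI in request GET <title>phpMyAdmin HTTP/1.1",
    "error.log:[Fri Oct 18 01:03:02 2013] [error] [client 198.51.100.9] File does not exist: /srv/www/example/phpmyadmin",
    "error.log:[Fri Oct 18 01:03:03 2013] [error] [client 198.51.100.9] File does not exist: /srv/www/example/pma",
]

print(offenders(SAMPLE))
```

The three hourly failures from 192.0.2.77 are not flagged because they never fall inside one ten-minute window, which is why slow, distributed guessing still needs the strong-password advice above.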