This is an interesting idea! We've looked at setting up cloud provider specific firewalls but given the different architectures there's a reasonable amount of work there. Using ufw would be universal an much easier to implement, ansible also appears to have a community maintained ufw module that handles this.
The main limitation currently is that we'd need to pull in port information from across the config (to ensure we don't accidentally block anything) and our inventory construction process doesn't currently allow this. But we're hoping to have a more versatile inventory process ready in the next month. I'll ticket ufw support as something to look at once this work is done
In the short term I've also added a ticket to create some links in the documentation to post-sync setup. We can definitely add either a small ufw example or link for users who are going to persist their nodes for a while and want to manually setup ufw
This is an interesting idea! We've looked at setting up cloud provider specific firewalls but given the different architectures there's a reasonable amount of work there. Using ufw would be universal an much easier to implement, ansible also appears to have a community maintained ufw module that handles this.
The main limitation currently is that we'd need to pull in port information from across the config (to ensure we don't accidentally block anything) and our inventory construction process doesn't currently allow this. But we're hoping to have a more versatile inventory process ready in the next month. I'll ticket ufw support as something to look at once this work is done
In the short term I've also added a ticket to create some links in the documentation to post-sync setup. We can definitely add either a small ufw example or link for users who are going to persist their nodes for a while and want to manually setup ufw