79224840

Date: 2024-11-25 23:16:50
Score: 1
Natty:
Report link

  1. You haven't provided any details about your home network. It seems likely that your home network sits behind a some kind of device that provides Network Address Translation (NAT) so that devices on your home network are able to access the Internet, even thought your Internet Service Provider (ISP) has only provided you a single, publicly routable IP address. You might refer to this device as your home router, your broadband router, or even your wireless router. It may even be built into the modem that provides you with Internet service.

    If that assumption is correct, you arguably don't need to do anything else. The router is providing NAT service, which precludes explicit attempts by an external entity from initiating contact with any device on on your home network. If that assumption is incorrect, you should clarify the details of your home network environment.

  2. I don't have a lot of insight into web servers, but the first thing that comes to mind is that you could look into enabling username/password authentication on the web service as a whole, or for the exposed Django app.

  3. Give my assumption about your home router, then in principle you don't need to modify its firewall configuration. You should make sure that it does not have any port forwarding rules enabled, or if it does, those rules are not pointing at your Dango app's listening port.

    That said, you could consider enabling firewall rules on your ubuntu server. You can explicitly allow only local source IP addresses to connect to your server. Last I knew ubuntu uses the ufw firewall tool. Enable it according to this document. This will block almost everything from connecting to your server. You then need to add a rule to allow any connections.

    Then add a rule like sudo ufw allow proto tcp from 192.168.1.0/24 to any port 80 . This assumes your home network is in the network range 192.168.1.0/24, your Dgango is listening on port 80, and uses TCP (save assumption for HTTP and HTTPS). Change the range and the port number per your requirements.

    If you use SSH to connect to your server, you'll need to enable that, as well. (TCP port 22).

  4. You could modify your Django instance per this link to enforce allow lists for your application. However, in my opinion, implementing the firewall rule on the ubuntu server is equivalent, and (again, in my opinion) is easier to maintain.

Reasons:
  • Blacklisted phrase (1): this document
  • Blacklisted phrase (1): this link
  • Long answer (-1):
  • Has code block (-0.5):
  • Low reputation (0.5):
Posted by: Jeremy Impson