i am interested in your ideas on how you would set up a Qube as secure as possible to connect to a single ordinary internet site (not a VPN network) accessed directly via its IP address.
i am interested in your ideas on how you would set up a Qube as secure as possible to connect to a single ordinary internet site (not a VPN network) accessed directly via its IP address.
What else would you do?
Possibly double-check and further restrict iptables & nftables on the qube itself, but could be an annoyance to maintain.
These are good.
Disable all unnecessary services in the qube - that means almost all of
them.
Change the nft/iptables configuration on the qube itself - note that you
can do this in `/rw/config/rc.local` but that is processed after the
network comes up.
You want to allow only outbound lo and to your target.
Remove/overwrite /etc/resolv.conf
You can also create an alias in /etc/hosts to avoid typing out the full
IP address.