Remote Support
Remote Access
Monitoring and Management
Presentation
Remote Work
Standard
Business
Enterprise@Darrell_Swafford - I can’t think of a scenario where you you would be able to disable/enable an ssh firewall rule, where you wouldn’t already have console access, so why not just do your updates/upgrades that way without ever enabling/disabling ssh firewall?
SSH configured with root login disabled and using keys, or a very strong unique password paired with fail2ban is more than sufficient. In my 17 years of managing publicly accessible linux servers this has never been an issue, nor have I heard of it being one. (this also assumes that you are applying security updates regularly/automatically)
I don’t see much reason to turn off udp, as if you think it is insecure than tcp would be just as vulnerable, so why not leave them both open as it expects?
SimpleHelp’s suggested config:
If the machine you are sharing can access your server over UDP then we would recommend using it as it is more scalable. A SimpleHelp server can support more machines connecting over UDP than over HTTP. If you have thousands of shared remote access machines then using UDP for at least the bulk of them is a must.