Alain D D Williams <a...@phcomp.co.uk> wrote: > On Thu, Dec 21, 2023 at 10:11:08AM -0500, Pocket wrote: > > > Use a firewall and set it up correctly. > > That I have done. > > The issue is broadband usage - ie before it hits the firewall.
IIUC you have a residential system with an ISP connection with a download limit, and on that you are running a web server that you want to expose so some of your contacts can access it. You are concerned by scans run by potentially hostile actors against your server. Particularly by the volume of data they send. Is that correct? As long as you have a web server exposed, you cannot stop anybody and everybody sending packets to it, for good purposes or foul. You can cause your outermost firewall to drop packets, either from a blacklist of disallowed addresses or from all hosts except those on an allowed whitelist of hosts. That should reduce the traffic you see significantly. You should in any case instruct your firewall to drop all incoming packets on all ports except those you specifically need. Alternatively, you can change your ISP to one that offers unlimited service. I am happy with Zen, and would be happy to switch to Andrews & Arnold if I needed to.
