Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub ยท Security & Compliance
Firewall
Configure firewalls on servers and cloud providers with security best practices.
skill openclawclawhub Free
Configure firewalls on servers and cloud providers with security best practices.
โฌ 0 downloads โ
0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- SKILL.md
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 1.0.0
Provenance
- Publisher
- ivangdavila
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
Critical First Steps
Allow SSH/remote access before enabling any firewall โ enabling first locks you out Test access in a second session before closing the first โ verify the rule actually works Know how to access provider console โ it's the only way back if locked out
Default Stance
Default deny all incoming traffic โ only open what you explicitly need Default allow outgoing traffic โ most apps need to reach the internet Every open port is attack surface โ question each one before adding
Essential Ports
SSH (22 or custom): Always needed for remote access โ consider limiting to your IP only HTTP (80): Only if serving web traffic โ also needed for Let's Encrypt HTTP challenge HTTPS (443): For production web services Don't open database ports (3306, 5432, 27017) to the internet โ access via SSH tunnel or private network
Provider Firewalls (Hetzner, DigitalOcean, AWS, etc.)
Provider firewall applies before traffic reaches your server โ faster, less server load Changes usually apply immediately โ no reload command needed Stateful by default โ allow inbound, responses automatically allowed outbound Apply to server groups for consistency โ easier than per-server rules Provider firewall + OS firewall = defense in depth โ use both when possible
IP Restrictions
Limit SSH to known IPs when possible โ dramatically reduces attack surface Your home IP may change โ use a VPN with static IP or update rules when it changes Allow IP ranges with CIDR notation โ /32 is single IP, /24 is 256 IPs Some providers support dynamic DNS in rules โ check before building complex solutions
Common Services to Consider
VPN (WireGuard: 51820/UDP, OpenVPN: 1194) โ allows secure access without exposing other ports Mail (25, 465, 587) โ only if running mail server DNS (53 TCP/UDP) โ only if running DNS server Monitoring agents may need outbound access to specific IPs
Docker Warning
Docker bypasses most OS firewalls by default โ containers expose ports regardless of UFW/iptables Solution: bind containers to localhost only and use reverse proxy for public access Or configure Docker to respect firewall rules โ requires additional setup Provider-level firewalls still work โ they block before traffic reaches Docker
IPv6
Firewalls often have separate IPv4 and IPv6 rules โ configure both Provider firewalls may handle both together โ check their documentation Attackers probe IPv6 when IPv4 is locked down โ don't neglect it
Debugging
Test from outside your network โ rules may look correct but not work Provider dashboards often show blocked traffic logs "Connection refused" = port closed properly; "Connection timeout" = firewall dropping silently Online port scanners verify what's actually open from the internet
Common Mistakes
Opening ports "temporarily" and forgetting to close them Opening 80/443 when no web server runs โ unnecessary exposure Forgetting UDP for services that need it โ DNS, VPN, game servers Assuming firewall is active โ verify it's actually running/applied Only configuring IPv4 โ leaving IPv6 wide open Trusting "security through obscurity" โ non-standard ports slow attackers, don't stop them
Category context
Identity, auth, scanning, governance, audit, and operational guardrails.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
1 Docs
- SKILL.md