Firewall

Default Deny for all incoming traffic

DNS-based filtering

Network segmentation

Install Fail2Ban

Block unnecessary outgoing ports