A small checklist before opening a new port
Before exposing a new service, I try to answer four boring questions: what is it for, who should reach it, how will I verify it, and how will I roll it back?
- Purpose: what exact service or path am I exposing?
- Audience: public internet, only me, or only a trusted client?
- Verification: what curl, browser check, or log line proves it works?
- Rollback: what file or rule do I revert if it goes wrong?
These are simple questions, but skipping them is how small changes turn into confusing evenings.