Description
Is your feature request related to a problem? Please describe.
I'm completely new to servers & Algo (therefore I apologise if I don't make any sense) and it was a bit of a shock to see the number of brute force attempts to get in via netstat. The default deployment firewall at the moment for Vultr leaves port 22 open to any IPv4 or IPv6 address. Further, the default /etc/ssh/sshd_config allows both root access and password access, and it doesn't force keys (I was able to SSH in via PuTTY on a different computer with just a username & password). Less knowledgeable users may struggle with security.
Describe the solution you'd like
I'd like to see an option upon deployment to prevent any additional port being opened, only leaving open 500, 4500 & WireGuard. This option would have a short explanation encouraging users to select it if they were concerned. For those selecting that option, access can still be facilitated from a cloud provider's console or through WireGuard. A comment on the option could say that this would help against brute force attempts. More out of the box security is good, especially for those of us just starting out.
Describe alternatives you've considered
I've noticed there are a number of discussions already about including fail2ban #1672 and PR #1636 to randomise the port. I agree with comments in #1672 that both would help lower instances.
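Added example, not part of the original issue and not Algo's own code: a small audit of sshd_config text for the two settings the report describes (root login and password login). The function names and the sample config are constructed for illustration; the check applies sshd's first-value-wins rule to the global section only and does not follow Include files, so `sshd -T` on the server remains the authoritative view.

```python
import re

# OpenSSH built-in defaults for the two options the issue mentions.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

# Constructed sample, not taken from a real Algo or Vultr deployment.
SAMPLE = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PasswordAuthentication yes
# sshd keeps the first value it reads, so this later line has no effect:
permitrootlogin no
Match User deploy
    PasswordAuthentication no
"""

def effective_settings(config_text):
    """Return the global value sshd would use for each option in DEFAULTS."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # everything after a Match line is conditional, not global
        if keyword in DEFAULTS and keyword not in seen and len(parts) == 2:
            seen[keyword] = parts[1].strip().strip('"').lower()
    return {**DEFAULTS, **seen}

def findings(config_text):
    """List the weak settings described in the issue, if present."""
    eff = effective_settings(config_text)
    out = []
    if eff["passwordauthentication"] == "yes":
        out.append("PasswordAuthentication yes: password logins are accepted")
    if eff["permitrootlogin"] == "yes":
        out.append("PermitRootLogin yes: root may log in directly")
    return out

if __name__ == "__main__":
    for item in findings(SAMPLE) or ["no weak settings found"]:
        print(item)
```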