Continue with proxy discussion on Riot chat. For those ports you may want to use to as RESTful endpoint, e.g. 26657 and 1317, you may consider proxy them to an external interface via an http proxy like Nginx or Caddy. The idea is to treat them like a web service which the RESTful requests to the RPC ports will be done over https. Then you can have control over the RPC ports of the node. You may configure rate limiting on the http proxy or make requests with user authentication using a web app. In this sense, the ports will not expose to external directly and you node is protecting from receiving too many requests suddenly.