How can I configure my node such that it is secure for public access?
I am aware that I can use either the --remote-limit-api launch argument, or by setting it in my ini;
REMOTE_LIMIT_API=addNeighbors
Which commands should I disable on a public node?
Which commands are required for client / wallets to be able to connect properly?
If possible, you should make it available via HTTPS as well (as some wallets will only talk to HTTPS nodes).
You should definitely disable commands related to neighbors, otherwise others could remove your neighbors or add some others (to send them an UDP flood).
The official GUI wallet needs the following commands:
getNodeInfo - to retrieve the latest milestone hash (needed to check whether a transaction is confirmed)findTransactions and getTrytes - to show transaction history and find which addresses are already usedgetInclusionStates - to query whether a transaction is confirmedgetBalances - to show the current wallet balancegetTransactionsToApprove - to find out where to attach to the tanglestoreTransactions - to save a transaction once it is finished (POW is made)broadcastTransactions - to "rebroadcast"