Calling all Linux enthusiasts! Help us create a comprehensive guide to Linux firewalls and security!

Hello fellow Linux enthusiasts!

As many of you know, Linux can be a powerful and flexible operating system, but it can also be daunting for new users, especially when it comes to securing their systems. With the abundance of information available online, it’s easy to get overwhelmed and confused about the best practices for firewall configuration and basic security.

That’s why I reaching out to the Linux community for help. I am looking users who are willing to share their expertise and write a comprehensive guide to Linux firewall and security.

The goal of this guide is to provide a centralized resource that covers the following topics:


<span style="color:#323232;">Introduction to Linux firewalls (e.g., firewalld, ufw, etc.)
</span><span style="color:#323232;">Understanding basic security principles (e.g., ports, protocols, network traffic)
</span><span style="color:#323232;">Configuring firewalls for various scenarios (e.g., home networks, servers, VPNs)
</span><span style="color:#323232;">Best practices for securing Linux systems (e.g., password management, package updates, file permissions)
</span><span style="color:#323232;">Troubleshooting common issues and errors
</span><span style="color:#323232;">Advanced topics (e.g., network segmentation, SELinux, AppArmor)
</span>

I am looking for a well-structured and easy-to-follow guide that will help new users understand the fundamentals of Linux firewall and security, while also providing advanced users with a comprehensive resource for reference.

If you’re interested in contributing to this project, please reply to this post with your experience and expertise in Linux firewall and security. We’ll be happy to discuss the details and work together to create a high-quality guide that benefits the Linux community.

Thank you for your time and consideration, and im looking forward to hearing from you!

apt_install_coffee,

I build Linux routers for my day job. Some advice:

  • your firewall should be an appliance first and foremost; you apply appropriate settings and then other than periodic updates, you should leave it TF alone. If your firewall is on a machine that you regularly modify, you will one day change your firewall settings unknowingly. Put all your other devices behind said firewall appliance. A physical device is best, since correctly forwarding everything to your firewall comes under the “will one day unknowingly modify” category.
  • use open source firewall & routing software such as OpenWRT and PFSense. Any commercial router that keeps up to date and patches security vulnerabilities, you cannot afford.
cole,
@cole@lemdro.id avatar

opinions on Ubiquiti routers?

apt_install_coffee,

I had an EdgeRouter X for years before I started my job. They are solid devices, and I’d definitely put them above most consumer routers.

Because they only charge for the hardware, they will eventually run into the same disincentive to provide consistent timely updates. If you do buy an Ubiquiti or similar enthusiast brand, do still keep an eye out for the CVEs that don’t get patched.

barrett9h,
  1. Install OpenBSD
  2. ???
  3. Profit!
possiblylinux127,

No thanks. I like to stay on the beaten path

drwho,
@drwho@beehaw.org avatar

That’s understandable. However, pf (OpenBSD’s firewall system) is incredibly logical and easy to use. I never expected to write a fully operational (bloody thing worked the first time I tried it!) firewall ruleset on a two hour flight from scratch.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • linux@lemmy.ml
  • localhost
  • All magazines
    •
    Loading…
    Loading the web debug toolbar…
    Attempt #