this post was submitted on 11 Oct 2023
4 points (100.0% liked)

Linux

48310 readers
645 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Hello fellow Linux enthusiasts!

As many of you know, Linux can be a powerful and flexible operating system, but it can also be daunting for new users, especially when it comes to securing their systems. With the abundance of information available online, it's easy to get overwhelmed and confused about the best practices for firewall configuration and basic security.

That's why I reaching out to the Linux community for help. I am looking users who are willing to share their expertise and write a comprehensive guide to Linux firewall and security.

The goal of this guide is to provide a centralized resource that covers the following topics:

Introduction to Linux firewalls (e.g., firewalld, ufw, etc.)
Understanding basic security principles (e.g., ports, protocols, network traffic)
Configuring firewalls for various scenarios (e.g., home networks, servers, VPNs)
Best practices for securing Linux systems (e.g., password management, package updates, file permissions)
Troubleshooting common issues and errors
Advanced topics (e.g., network segmentation, SELinux, AppArmor)

I am looking for a well-structured and easy-to-follow guide that will help new users understand the fundamentals of Linux firewall and security, while also providing advanced users with a comprehensive resource for reference.

If you're interested in contributing to this project, please reply to this post with your experience and expertise in Linux firewall and security. We'll be happy to discuss the details and work together to create a high-quality guide that benefits the Linux community.

Thank you for your time and consideration, and im looking forward to hearing from you!

top 8 comments
sorted by: hot top controversial new old
[–] knobbysideup@lemm.ee 1 points 1 year ago
  • use pfsense for a firewall. Using nftables, firewalld, etc should only really come into play if on an untrusted network. Firewalls on servers can cause more problems than they solve and are easy to misconfigure.
  • run lynis on your Linux servers to help get them compliant with CIS benchmarks
  • be careful with your reverse proxies
  • keep things patched
  • run only necessary services
  • configure needed services conservatively
  • no root logins
[–] apt_install_coffee@lemmy.ml 0 points 1 year ago (1 children)

I build Linux routers for my day job. Some advice:

  • your firewall should be an appliance first and foremost; you apply appropriate settings and then other than periodic updates, you should leave it TF alone. If your firewall is on a machine that you regularly modify, you will one day change your firewall settings unknowingly. Put all your other devices behind said firewall appliance. A physical device is best, since correctly forwarding everything to your firewall comes under the "will one day unknowingly modify" category.

  • use open source firewall & routing software such as OpenWRT and PFSense. Any commercial router that keeps up to date and patches security vulnerabilities, you cannot afford.

[–] skimm@lemmy.sdf.org 1 points 1 year ago (1 children)

Any links or thoughts on sane OpenWRT settings for a home network? I'm a networking noob but learning slowly and would love some good reading or tips.

[–] wrinkletip@feddit.nl 1 points 1 year ago (1 children)
[–] drwho@beehaw.org 1 points 1 year ago

Agreed. Solid out of the box.

[–] pastermil@sh.itjust.works 0 points 1 year ago (1 children)

I think firewall is the last thing you'd want to discuss with the newcomers...

[–] LordKitsuna@lemmy.world 0 points 1 year ago* (last edited 1 year ago) (1 children)

Yeah I don't even understand the point. The vast majority of people don't even need a client side firewall. The only time you need to worry about a client side of firewall is if you're on a laptop that you actually take out of your house ever or on a university or otherwise shared network. At home it's completely meaningless and a waste of CPU Cycles.

There are significantly better ways to address security, like how to enable a sandbox like firejail or bubblewrap or enable things like apparmor, firewall is probably one of the most inconsequential parts of security these days because it's all handled by the local router

[–] AProfessional@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

Home networks are full of trash like iot devices, like smart speakers, tvs, plugs, etc. Average people should have firewalls. It’s free.