Hello fellow Linux enthusiasts!

As many of you know, Linux can be a powerful and flexible operating system, but it can also be daunting for new users, especially when it comes to securing their systems. With the abundance of information available online, it’s easy to get overwhelmed and confused about the best practices for firewall configuration and basic security.

That’s why I reaching out to the Linux community for help. I am looking users who are willing to share their expertise and write a comprehensive guide to Linux firewall and security.

The goal of this guide is to provide a centralized resource that covers the following topics:

Introduction to Linux firewalls (e.g., firewalld, ufw, etc.)
Understanding basic security principles (e.g., ports, protocols, network traffic)
Configuring firewalls for various scenarios (e.g., home networks, servers, VPNs)
Best practices for securing Linux systems (e.g., password management, package updates, file permissions)
Troubleshooting common issues and errors
Advanced topics (e.g., network segmentation, SELinux, AppArmor)

I am looking for a well-structured and easy-to-follow guide that will help new users understand the fundamentals of Linux firewall and security, while also providing advanced users with a comprehensive resource for reference.

If you’re interested in contributing to this project, please reply to this post with your experience and expertise in Linux firewall and security. We’ll be happy to discuss the details and work together to create a high-quality guide that benefits the Linux community.

Thank you for your time and consideration, and im looking forward to hearing from you!

  • BoofStroke
    link
    fedilink
    English
    51 year ago
    • use pfsense for a firewall. Using nftables, firewalld, etc should only really come into play if on an untrusted network. Firewalls on servers can cause more problems than they solve and are easy to misconfigure.
    • run lynis on your Linux servers to help get them compliant with CIS benchmarks
    • be careful with your reverse proxies
    • keep things patched
    • run only necessary services
    • configure needed services conservatively
    • no root logins
    • @LordKitsuna
      link
      31 year ago

      i just want to also toss opnsense into that list, a long time ago it forked off pfsense and these days it offers (in my opinion) a significantly easier and better UI as well as more up to date kernel and better tools for dealing with things like buffer bloat