this post was submitted on 11 Oct 2023
311 points (96.4% liked)

Linux

48052 readers
805 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Hello fellow Linux enthusiasts!

As many of you know, Linux can be a powerful and flexible operating system, but it can also be daunting for new users, especially when it comes to securing their systems. With the abundance of information available online, it's easy to get overwhelmed and confused about the best practices for firewall configuration and basic security.

That's why I reaching out to the Linux community for help. I am looking users who are willing to share their expertise and write a comprehensive guide to Linux firewall and security.

The goal of this guide is to provide a centralized resource that covers the following topics:

Introduction to Linux firewalls (e.g., firewalld, ufw, etc.)
Understanding basic security principles (e.g., ports, protocols, network traffic)
Configuring firewalls for various scenarios (e.g., home networks, servers, VPNs)
Best practices for securing Linux systems (e.g., password management, package updates, file permissions)
Troubleshooting common issues and errors
Advanced topics (e.g., network segmentation, SELinux, AppArmor)

I am looking for a well-structured and easy-to-follow guide that will help new users understand the fundamentals of Linux firewall and security, while also providing advanced users with a comprehensive resource for reference.

If you're interested in contributing to this project, please reply to this post with your experience and expertise in Linux firewall and security. We'll be happy to discuss the details and work together to create a high-quality guide that benefits the Linux community.

Thank you for your time and consideration, and im looking forward to hearing from you!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago (1 children)

You got a lot of good answers to this. I'll add mine:

A router is a device that bridges multiple physical networks (it will have at least two network interfaces) and directs traffic between them. It inspects every packet of data and decides which port to send it to.

In a typical home here in the US, one network is your ISP (connected to your cable modem, for example) and the other is your home computers, consoles and devices via wifi or direct connection (like a NAS drive, for example).

Generally you want a firewall to go along with your router. Instead of blindly passing all data to the correct network, it will decide whether it is allowed to pass or not based on a configured ruleset. Most consumer home wifi routers have a simple firewall built-in.

They also have other features like "load balancing" to prioritize certain data that is more sensitive to interruptions in the data flow (like gaming) over data that isn't (like video or audio), or "DHCP servers" to hand out IP addressed to devices on the network, or "VPN tunneling" to encrypt data, etc.

A linux-based computer is more than capable of performing all these tasks. If well-configured, it can do it much better than a consumer device, with better hardware and more reliability for less money over time (when taking reliability into account).

[–] [email protected] 1 points 1 year ago (2 children)

Thanks!

I had another problem, I wanted to set a not sucking DNS server on our router, but nobody had internet anymore unless they would set the same server on their devices. Why is that?

I simply wanted to avoid our ISP spying on us by using some shit DNS server they control or get paid by

[–] [email protected] 1 points 1 year ago (1 children)

The best way to avoid your ISP spying is to use a VPN. It encrypts all the data before your ISP ever sees the data so they can't spy on you. I use Private Internet Access but I recommend doing some research and finding one that's good in your country.

I'm not sure why you had an issue with just changing your DNS. Did you change it in the DHCP settings or somewhere else?

Regardless, just to be clear, changing your DNS won't prevent your ISP from spying on you. Many of the big DNS providers like Google will absolutely spy on you through your DNS calls so I do think it's a good idea to use a better DNS. I personally use AdGuard DNS, which has a built in ad blocker that works really well.

[–] [email protected] 1 points 1 year ago

I wanted to use the changed DNS for adblocking (good for the environment too haha) and also of course not use Google but a good one, best not in my own country.

This would be pretty good for privacy I think, especially if it would use DNSCrypt where your ISP would just see the DNSses IP, right?

But this would probably need to be set up on all the clients, and my roomies have apple devices, LOL

[–] [email protected] 1 points 1 year ago

Do they use DHCP for their network addressing information? They should get the router's IP as the default recursive DNS resolver...