Hello fellow Linux enthusiasts!
As many of you know, Linux can be a powerful and flexible operating system, but it can also be daunting for new users, especially when it comes to securing their systems. With the abundance of information available online, it’s easy to get overwhelmed and confused about the best practices for firewall configuration and basic security.
That’s why I reaching out to the Linux community for help. I am looking users who are willing to share their expertise and write a comprehensive guide to Linux firewall and security.
The goal of this guide is to provide a centralized resource that covers the following topics:
Introduction to Linux firewalls (e.g., firewalld, ufw, etc.)
Understanding basic security principles (e.g., ports, protocols, network traffic)
Configuring firewalls for various scenarios (e.g., home networks, servers, VPNs)
Best practices for securing Linux systems (e.g., password management, package updates, file permissions)
Troubleshooting common issues and errors
Advanced topics (e.g., network segmentation, SELinux, AppArmor)
I am looking for a well-structured and easy-to-follow guide that will help new users understand the fundamentals of Linux firewall and security, while also providing advanced users with a comprehensive resource for reference.
If you’re interested in contributing to this project, please reply to this post with your experience and expertise in Linux firewall and security. We’ll be happy to discuss the details and work together to create a high-quality guide that benefits the Linux community.
Thank you for your time and consideration, and im looking forward to hearing from you!
Installation of OpenWRT from stock depends on the device. Some devices are more involved than others.
Updates are not automatic, and they require planning with some down time. The process is backup settings, update wiping out settings, reapply settings by uploading backup.
I do not install packages. That leads even more horribly complicated updates. I don’t recommend using anything that isn’t in the stock image.
LuCI is serviceable. It’s not pretty, or the most intrusive, but it works.
OPNsense is better if you have the x86 hardware around to run it.
Thanks! So its a bit like Docker images, why doesnt it save settings? This sounds pretty horrible, shouldnt network hardware always be updated automatically?
OpenWRT saves settings. It’s what’s in the backup, and that’s what allows the router to return to operation after a power cycle.
Things get can sideways when settings are persisted across updates. There is an option to persist settings, but there are fewer headaches when settings are wiped and restored from backup.
This gets even worse when packages are in play. Packages aren’t reinstalled when the backup is restored, so any packages need to be tracked then reinstalled after an update.
You’re opting to self-manage the router by installing OpenWRT. You are the QA department, and it’s up to you to make sure everything works and any manual changes are made.
In a production setting, no not at all. Updates need to be QA’d before being released, especially network equipment updates, to prevent outages.
The Turris Omnia is OpenWRT based and does auto updates, but the Turris is also $300-$400 dollars.