this post was submitted on 11 Oct 2023
299 points (96.3% liked)

Linux

48101 readers
668 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Hello fellow Linux enthusiasts!

As many of you know, Linux can be a powerful and flexible operating system, but it can also be daunting for new users, especially when it comes to securing their systems. With the abundance of information available online, it's easy to get overwhelmed and confused about the best practices for firewall configuration and basic security.

That's why I reaching out to the Linux community for help. I am looking users who are willing to share their expertise and write a comprehensive guide to Linux firewall and security.

The goal of this guide is to provide a centralized resource that covers the following topics:

Introduction to Linux firewalls (e.g., firewalld, ufw, etc.)
Understanding basic security principles (e.g., ports, protocols, network traffic)
Configuring firewalls for various scenarios (e.g., home networks, servers, VPNs)
Best practices for securing Linux systems (e.g., password management, package updates, file permissions)
Troubleshooting common issues and errors
Advanced topics (e.g., network segmentation, SELinux, AppArmor)

I am looking for a well-structured and easy-to-follow guide that will help new users understand the fundamentals of Linux firewall and security, while also providing advanced users with a comprehensive resource for reference.

If you're interested in contributing to this project, please reply to this post with your experience and expertise in Linux firewall and security. We'll be happy to discuss the details and work together to create a high-quality guide that benefits the Linux community.

Thank you for your time and consideration, and im looking forward to hearing from you!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago (1 children)

I really want to. My flatmates dont care at all, but afaik our router is supported. Could you share any experiences, how is the installation on such a "not meant to use third party software" device, are updates automatic? Do you install packages? How is the WebUI, how long would it take to just have it working?

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Installation of OpenWRT from stock depends on the device. Some devices are more involved than others.

Updates are not automatic, and they require planning with some down time. The process is backup settings, update wiping out settings, reapply settings by uploading backup.

I do not install packages. That leads even more horribly complicated updates. I don’t recommend using anything that isn’t in the stock image.

LuCI is serviceable. It’s not pretty, or the most intuitive, but it works.

OPNsense is better if you have the x86 hardware around to run it.

[–] [email protected] 1 points 1 year ago (1 children)

Thanks! So its a bit like Docker images, why doesnt it save settings? This sounds pretty horrible, shouldnt network hardware always be updated automatically?

[–] [email protected] 1 points 1 year ago

OpenWRT saves settings. It’s what’s in the backup, and that’s what allows the router to return to operation after a power cycle.

Things get can sideways when settings are persisted across updates. There is an option to persist settings, but there are fewer headaches when settings are wiped and restored from backup.

This gets even worse when packages are in play. Packages aren’t reinstalled when the backup is restored, so any packages need to be tracked then reinstalled after an update.

You’re opting to self-manage the router by installing OpenWRT. You are the QA department, and it’s up to you to make sure everything works and any manual changes are made.

In a production setting, no not at all. Updates need to be QA’d before being released, especially network equipment updates, to prevent outages.

The Turris Omnia is OpenWRT based and does auto updates, but the Turris is also $300-$400 dollars.