101
Do I really need a firewall for my server?
(sopuli.xyz)
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil.
No spam.
Posts are to be related to self-hosting.
Don't duplicate the full text of your blog or readme if you're providing a link.
Submission headline should match the article title.
No trolling.
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
To follow up on this, I'd look to network segmentation as another useful security barrier. I've just started playing around with VLANs, but the way I plan on setting things up is to have individual VLANs for services, management and IoT, with the LAN for all other user-land devices. On top of this you add strict firewall rules to what can talk to what, on which ports, etc. So all devices on the network can do DNS queries to my two DNS servers, for instance, but things from my services VLAN can't reach anything outside of this VLAN...