Inspired by this comment to try to learn what I’m missing.

  • Cloudflare proxy
  • Reverse Proxy
  • Fail2ban
  • Docker containers on their own networks

Another concern I have is does it need to be on a separate machine on a vlan from the rest of the network or is that too much?

      • @[email protected]English
        915 days ago

        There are ip lists that let you iptables drop all traffic from China and Russia.

        Strongly recommend.

        • @[email protected]OPEnglish
          515 days ago

          I was auto banning all countries but my own but now I’m hosting one resource that has an audience including Chinese…

          Good advice outside of this use case! :)

          • @[email protected]English
            415 days ago

            Yeah, there were other countries to ban, but those 2 cut my attacks down 90%.

            Also consider a honeypot that triggers when anyone tries to ssh it at all.

        • Lka1988English
          214 days ago

          My UDM has this capability. I’ve blocked quite a few countries that it logged as trying to get into my network. Great little internet cylinder.

          • @[email protected]English
            113 days ago

            Have the rack mounted one, I usually roll my own router but I’m glad to have someone else making sure I don’t do anything stupid for security.

            It’s not perfect, but it’s peace of mind.