Should I learn iptables or is it more sane to use a front end like ufw?
I have an RPI with dual Ethernet between my modem and consumer router so I don’t have to depend on the obsolete and limited consumer router software. I’m using OpenWRT at the moment but curious if you have other recommendations. I like the Luci gui so if I switched to headless Debian or something then I’d still want a luci equivalent.
I’m self hosting with docker and I want to set up a wireguard vpn container that joins a network with a select set of containers. So I’d have containers that are accessible only by actual LAN users and then others that are in this isolated group that only the VPN (i.e. WAN people) can access. I thought that’s what docker was all about! But by default it seems all authenticated VPN peers just get to be on the LAN. Sure, they can’t get at containers on a different docker bridge network, but they get to access the host itself! This is why I asked about iptables above, but it’s daunting. Any ideas on how to achieve “two levels of trust” for self hosted services?
Yay!
Should I learn iptables or is it more sane to use a front end like ufw?
I have an RPI with dual Ethernet between my modem and consumer router so I don’t have to depend on the obsolete and limited consumer router software. I’m using OpenWRT at the moment but curious if you have other recommendations. I like the Luci gui so if I switched to headless Debian or something then I’d still want a luci equivalent.
I’m self hosting with docker and I want to set up a wireguard vpn container that joins a network with a select set of containers. So I’d have containers that are accessible only by actual LAN users and then others that are in this isolated group that only the VPN (i.e. WAN people) can access. I thought that’s what docker was all about! But by default it seems all authenticated VPN peers just get to be on the LAN. Sure, they can’t get at containers on a different docker bridge network, but they get to access the host itself! This is why I asked about iptables above, but it’s daunting. Any ideas on how to achieve “two levels of trust” for self hosted services?