ohshit604@sh.itjust.worksEnglish
4 hoursOpenSnitch is a nice for the desktop environment, deny by default and prompts the user when an application requests a open port, at first the prompts can get a little overwhelming given how many things want to connect to xyz server but eventually lightens up.
- Jason2357@lemmy.caEnglish4 hours
Its a little annoying on Linux but I wonder what it would be like on Windows.
- hypna@lemmy.worldEnglish5 hours
These firewall tools are interesting, but I honestly haven’t needed them in years. The premise is a little out of date. Who puts cloud servers on the open internet these days? Everything I see uses a public load balancer and a WAF service.
- 0x0@infosec.pubEnglish5 hours
Sure, but what if youve configured your waf or w/e incorrectly, what if someone gains access to another part of your network? Having sane firewall settings is always better than none at all.
- hypna@lemmy.worldEnglish4 hours
All the cloud services I’ve used had virtual network firewalls for internal traffic. Security Groups for AWS, Cloud Firewall for GCP, etc. That’s typically how lateral traffic gets managed. Defense in depth is good, but as I said I haven’t used host firewalls in forever, and we get audited for security certificates every year, and no auditor has asked about them that I recall.
- Jason2357@lemmy.caEnglish4 hours
A lot of people host websites created with a static site generator just fine without that extra layer. Unless your site has expensive to generate dynamic pages, lots of video content, or deep changelog pages (wiki history or forge commit diff’s publicly available), it makes a lot of sense to keep it simple.
Putting everything behind Cloudflare is just cargo cult behaviour and learning all the ins and outs of it isnt any harder than learning a firewall (which is transferrable knowledge that can also protect your machines from each other).
- eleijeep@piefed.socialEnglish5 hours
If you’re trying to be cost-effective, renting a VPS for a fixed term instead of using a IaaS platform that provides all these things just by clicking a checkbox, then caring about your firewall is a necessary part of building the system image that you deploy. You can of course set up your own private networking between systems and build the same type of architecture that a IaaS would provide, but to do that you’re going to need to understand everything about linux networking and netfilter already.
- hypna@lemmy.worldEnglish4 hours
Maybe that’s the context. All of my cloud hosting work is very large corporate systems in the big three clouds. You’re talking about Hostinger or Scalahosting type services, yes?


