Opening your router to the Internet is risky. Are there any guides for the basics to keep things secure? Things like setting up fail2ban? My concern is that I’ll forget something obvious.
Edit: I haven’t had much of a chance to read through everything yet, but I really appreciate all these long, detailed responses. ❤️ Thanks folks!
Depends on your approach, but only open the minimum amount of ports necessary. Fail2ban is a good idea.
Consider a strict default deny iptables that also affects the output table - in case someone does get in, this will limit the damage one can do by making it part of a botnet.
Personally I like to isolate any exposed servers on its own vlan, so in case of compromise, it won’t affect any of the other hardware I’m running.
Also, most routers have less strict security if the connection is coming from the inside. Make sure any access methods to your router is secure.
Damn good point. Use the same security internally as externally.