this post was submitted on 24 Mar 2025
96 points (95.3% liked)


I've been running my server without a firewall for quite some time now. I have a Piped instance and Snikket running on it. I've been meaning to get UFW on it but I've been too lazy to do so. Is it a necessary thing that I need to have, or is it a huge security vulnerability? I can only SSH into my server from my local network and must use a VPN if I wanna SSH in from outside, so I'd say my server's pretty secure but not the furthest I could take it. Opinions please?

[–] superglue@lemmy.dbzer0.com 4 points 5 days ago (1 children)

I use OpenWRT on my network and each server I have is on its own VLAN. So in my case, my router is the firewall to my servers. But I do have on my todo list to get the local firewalls working as well. As others have said, security is about layers. You want an attacker to have to jump multiple hurdles.

[–] possiblylinux127@lemmy.zip 1 points 4 days ago (1 children)

Why did you put each server in its own vlan? You now have a bunch of separate broadcast domains that need a router to move traffic between them. Switching is much faster since it is done in hardware most of the time.

[–] superglue@lemmy.dbzer0.com 1 points 4 days ago (1 children)

Mainly for security reasons. Both servers have some limited exposure to the internet. Are you saying doing it that way has performance implications? I haven't noticed any problems; it's all fast, just like before when everything was on the same LAN.

[–] possiblylinux127@lemmy.zip 1 points 4 days ago (1 children)

It will impact server to server performance significantly.

If the servers are independent that's fine but don't do a file share or some other performance critical component across vlans.

[–] superglue@lemmy.dbzer0.com 1 points 4 days ago (1 children)

Interesting, I haven't noticed anything, in fact since I switched everything has felt faster. And I'm constantly sending large files to devices on other VLANs.

[–] possiblylinux127@lemmy.zip 0 points 4 days ago

It will be slower with more latency and CPU usage.

I would highly recommend you read up on networking and the OSI model. Switching is extremely fast because it is done in hardware. Routing is slow because it goes through the CPU.

If all else fails you could create a dedicated vlan for storage access.
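
To make the layering point raised in this thread concrete, here is an added example (not posted by anyone in the thread) that lists the TCP listeners a host would leave reachable if no router or VLAN rule filtered them, which is what a default-deny host firewall would cover. The `ss -H -tln` output is a constructed sample, and the allowed-port set and the function names `classify` and `audit` are assumptions for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (not taken from the thread).
SAMPLE_SS = """\
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      511                *:443              *:*
LISTEN 0      128     192.168.1.10:8080       0.0.0.0:*
LISTEN 0      4096           [::1]:5432          [::]:*
LISTEN 0      128             [::]:5222          [::]:*
"""


def classify(local):
    """Return (scope, port) for one 'Local Address:Port' field from ss."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface suffix
    if host == "*":
        return "all-interfaces", int(port)
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces", int(port)
    if ip.is_loopback:  # 127.0.0.0/8 or ::1
        return "loopback", int(port)
    return "single-address", int(port)


def audit(ss_output, allowed_ports):
    """List network-reachable listeners whose port is not in allowed_ports.

    allowed_ports is the set of ports the operator intends to serve
    (hypothetical here); everything returned relies on some other layer
    to keep it unreachable.
    """
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        scope, port = classify(fields[3])
        if scope != "loopback" and port not in allowed_ports:
            findings.append((port, scope))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed intent: only 443 and 5222 are meant to be public.
    for port, scope in audit(SAMPLE_SS, {443, 5222}):
        print(f"port {port} listens on {scope} but is not in the allowlist")
```

On a real host, the sample string would be replaced by the output of `ss -H -tln`; loopback-bound services are skipped because they are not reachable from the network regardless of firewall state.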