irmadlad

I've seen it done as such:

sudo ufw deny out 1:19/tcp sudo ufw deny out 1:19/udp sudo ufw deny out 22:52/tcp sudo ufw deny out 22:52/udp sudo ufw deny out 54:79/tcp sudo ufw deny out 54:79/udp sudo ufw deny out 81:122/tcp sudo ufw deny out 81:122/udp sudo ufw deny out 124:442/tcp sudo ufw deny out 124:442/udp sudo ufw deny out 444:65535/tcp sudo ufw deny out 444:65535/udp

But your way seems a bit more elegant

My new strategy is to block EVERY port

Wow! All 65535 +/-, in and out? That's one way to skin a cat.

• Fail2ban
• UFW
• Reverse Proxy
• IPtraf (monitor)
• Lynis (Audit)
• OpenVas (Audit)
• Nessus (Audit)
• Non standard SSH port
• CrowdSec + Appsec
• No root logins
• SSH keys
• Tailscale
• RKHunter

Love tailscale. The only issue I had with it is making it play nice with my local, daily driver VPN. Got it worked out tho. So, now everything is jippity jippity.

I too use Freshrss. I use a lot of the feeds from https://www.trackawesomelist.com/ which tracks all the Github Awesome lists.

This is the home lab creed: You do with what you have. Before I accumulated a bit of equipment, I've used laptops, RPi, minicomputers, at one time I had a cluster of Wyse thin clients bootstrapped together.

I read a lot. LOL I might not understand it all, but I read TBs of articles and stuff.

automate stuff in my homelab.

Love me some homelab automation. It puts a smile on my face when I get a little ding from telegram giving me a summary of this morning's email, what the weather will be for the day along with a summary of established connections to my servers 'cause I'm paranoid like that. LOL fun stuff

Caddy! I am embarrassed to think about how long it took me to figure out caddy. I kept cracking away at it tho, and one day it was like the clouds rolled back, and the sun shone on my face, a alien ship came down and this green little dude gave me the secrets, and it was all so simple. Now I can have caddy up and dishing out certs in about 5 minutes. When I look back, I cringe.

I hear about Incus being the next best thing. I've never played around with it. Is it all that and a bag o' chips?

Sometimes we get so engrossed in what we're doing we can't see the problem(s). I do that a lot, so I have take a break. Same with creating music. You get so deaf to what you are trying to write that nothing sounds good no matter what you do. In the words of Snoop Dog, 'I had to back up off of it and sit my cup down. Tanqueray and chronic, yeah, I'm fucked up now.'

Take a break.

The computer I'm using currently, I set the BIOS in 2012. WHen I built it, I stuffed every last piece of cutting edge tech of the time into it. Dual CPU, SLI, started with 64gb ram then later on maxed the board out at 128gb. It's still a workhorse tho. It's one of the three I use all the time for music production, selfhosting etc.