With Debian 10 (buster) the default firewall is nftables so it’s time to convert my iptables rules. Since Debian stable is never first with anything I was surprised to see how relative few articles and blogs there are about nftables compered to iptables.
I have been watching the WireGuard project with interest for a couple of years. I like how WireGuard is constructed. A small code base that focus on the core functionality. The use of standard Linux networking tools and simple public/private keys.
Ansible role with commentary for setting up your own mail server with Postfix and Dovecot. This could be considered a part two of Mail relay, MX backup and spam filtering with Postfix. Many postfix configurations are identical between these setups.
If you run your own mail server it is a good idea to have a MX backup in place. When your mail server goes down or you need to upgrade it, the MX backup will step in and store all mail until the mail server is back up.
Some tulips eating animals gave rise to the need of a security camera system. One could have bought a ready made system but that’s boring and as recent events show, their security is often abysmal. Much better to build my own system and I have been mening to play with the Raspberry Pi computers.
After reading articles like My First 5 Minutes On A Server by Bryan Kennedy and My First 10 Minutes On a Server by Cody Littlewood I was inspired to write up how I setup a new server. There are no special tricks in the way I setup servers to make them secure.
Let’s Encrypt is a project that offer free domain validated SSL/TLS certificates. The organisations and companies behind it includes EFF, Mozilla, Akamai and Cisco as well as many other. EFF has long been working for HTTPS Everywhere and Let’s Encrypt is a big step in this direction.