This is the only answer you need to read. It's a non-problem if you just do this, and there's no reason not to do it.
JubilantJaguar
Possibly it's about personality types. I was only going on my own experience. Of always being told by a chorus of experts "Oh no you don't want to do that!" and ending up being terrified to touch anything. When I now know that I usually had nothing to be afraid of, because dangerous things tend to be locked down by design, exactly as they should be.
It depends how secure you want your network to be. Personally I think UFW is easy, so you may as well set it up.
IMO this attitude is problematic. It encourages people (especially newbies) to think they can't trust anything, that software is by nature unreliable. I was one of those people once.
Personally, now I understand better how these things work, there's no way I'm wasting my time putting up multiple firewalls. The router already has a firewall. Next.
PS: Sure, people don't like this take - you can never have enough security, right? But take account of who you're talking to - OP didn't understand that their server is not even on the public internet. That fact makes all the difference here.
Immutable distros like NixOS don't stop you from tweaking stuff, they just record every tweak centrally, so that you can undo them and do rollbacks.
Others can confirm that I've got that right. Haven't tried it but the idea sounds great.
I would like to have a system where I know what I did, what is opened/installed/activated and what is not.
Story of my life after 20 years on Linux. Maybe we could call it "modification anxiety".
I believe this is the case for an immutable OS.
ITT: lots of generic VPN advice by people who have no experience with the specific problem.