Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
The advice I've read (and implemented myself) is to not so much run a block list, but an allow list. So first things first, have a rule to block all connections, then have overriding rules to allow connections using criteria you would deem safe. If you know someone needs to access the server from the UK, include the UK on the allow list. Everything else can remain locked down until you have a reason to open it up to another country.
That's pretty much the way a firewall works, but I'm not sure it's quite so practical for email. When you get into something like cell phone access, the IPs can be all over the place. I've certainly seen enough attempts from addresses of my own cell provider. I've even seen fail2ban block IPs from my local city ISP, so it's really difficult just blacklist everything and not expect there to be nearly immediate problems for those of us who have legitimate access. This is one of the reasons I run multiple tools, between the standard blocklists to weed out spammers and public VPNs, to things like fail2ban providing more realtime protection. I look at the country blocklist as just another tool in the arsenal to try and find a balance between protecting my services but still allowing easy access where it is needed.
They said country-based, not location-based. Your cellphone provider will probably only be using a handful of countries at most to relay traffic.