Firewall configuration recommendations

Here’s a good read.

3 Likes

These are two different problems. A secure firewall is several orders of magnitude more complex and requires understanding of what is happening that simply cannot be relegated to a recipe. There are too many moving parts, too many variables that apply to your own special situation.

If you want to learn, have a testing environment, block everything by default (so nothing works), and then start opening your traffic by adding exception rules to that draconian default setting. This requires time and patience. There are no shortcuts. Either you learn or you give the job to someone you trust.

I might be wrong, but coming from not understanding anything about network security, and having motivated myself to have a more secure internet, I came to this conclusion by having skin in the game.

Many years ago there was a project called Shorewall that would have scripts helping you to create a firewall for a Linux box that would guide you through building a secure firewall intended to protect that specific computer. This was designed with that “didactic” purpose. I am not sure if it has been updated since then (early 2000s), but you might research it and see if it is still a viable solution for you. What I liked about that project was the fact that while configuring the firewall, you would also learn a lot. But even that approach would require a good amount of work.

3 Likes
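A starting point for the default-deny workflow described in the post above, as an added example that is not part of the original thread. It assumes nftables on a Linux test machine; the specific exceptions (SSH in, DNS and HTTPS out) are illustrative assumptions, and the rate-limited log rules are what show you which traffic to consider opening next.

```nftables
#!/usr/sbin/nft -f
# Added example: default-deny ruleset for a TEST machine only.
# "flush ruleset" wipes every existing rule, so do not load this remotely
# on a host you cannot reach from a console.
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Baseline that almost every host needs before anything works.
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # IPv6 breaks without neighbour discovery; remove if IPv6 is unused.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # Exception rules go here, one at a time, each with a reason.
        # Assumed example: SSH for administration.
        tcp dport 22 ct state new accept

        # Everything else falls through to "policy drop". Log a sample of it
        # so the journal shows what was blocked and why something broke.
        limit rate 10/minute log prefix "fw-in-drop: "
    }

    chain forward {
        # This host is not a router, so nothing is forwarded.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy drop;

        oif "lo" accept
        ct state established,related accept
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit } accept

        # Assumed examples: name resolution and HTTPS.
        udp dport 53 accept
        tcp dport { 53, 443 } ct state new accept

        limit rate 10/minute log prefix "fw-out-drop: "
    }
}
```

Check the file with `nft -c -f <file>` before loading it, then watch the kernel log for the `fw-in-drop` and `fw-out-drop` prefixes while exercising each application to decide which exceptions are actually needed.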