

Thanks! I’ll noodle it around a little. :)


Now THAT sounds like a smart solution! I’ll look into it! :) I can ask my ISP to give me a static address for my home. But something needs to prompt the ssh command “at home” to connect to my second computer, right (actually Termux on my Android phone)?


And then there is user management and permissions that I could sprinkle on top of that.


I’ll check it out.


True. Hadn’t thought of that. Maybe I could make the address extremely long and arbitrary? And “hide” it behind my e-mail alias service?
But I absolutely understand the security implications.


Hm… I’d run the script/service with root privileges and make the commands concise one-liners, maybe… I’m actually only looking at the shutdown command, presuming that it does sync and umount gracefully…
Maybe I could reduce security risks by creating a user that can only run shutdown. And make it so that only that user can access (download, print, execute) emails?


Sweet!


Would it be possible for an average user like me to host the whole AUR and the whole Arch Wiki to make it available at times like this? I’m already seeding a couple of Arch isos (not pirate lingo).
I just want to help out.


Not with the front end iptables. Linux can filter packets based on their source and destination IP, port and MAC address. It can also filter packets based on their state, being NEW, ESTABLISHED, RELATED, INVALID and UNTRACKED. You can check what processes are establishing connections with for instance ss or lsof -i and what commands or binaries/executables stand for those processes with for instance ps.
I know of no userland utility with which one could specify processes, command names or binaries/executables to block. Which might seem like a hassle from a Windows perspective, but the level of control that you achieve with Linux’s packet filtering is neat and it has taught me loads about how networking and the Internet work. :)


😂🤮 I didn’t even look at them. Just quickly searched and copy-pasted shit for OP. 🤣


Dang it… Thanks for enlightening me!


Thank you! I will check out OpenSnitch.


Thanks! That looks like a great way to learn what’s going on “under the hood”.


I finally understand your point. That’s true though with or without the use of a firewall. Not becoming infected by malware through ports that are otherwise used for common connections can preemptively only be achieved with good cyber hygiene. Once infected, I guess I’d need access control lists and/or software that blocks code execution based on signatures, but I’m not aware of such software for Linux.


The purpose is to block any connections that I haven’t explicitly allowed, since I don’t have the skills to vet all my binaries. Linux packages are as we know not immune.
It’s a pretty static system and I imagine I could write a script that notifies me if and when iptables blocks something outgoing (or when the kernel complains thereof).


Thanks! I actually did try that, at which point it said “/dev/stdin ASCII text” or the likes, so it’s like the file command literally read the stdin device. Which was extremely intriguing, but not what I wanted. God, I love Linux :D


Thanks! Yeah, I just came to the realization that this was more about my lack of understanding of the file command than anything else.
https://www.youtube.com/watch?v=Pu7LvnxV6N0