![](https://feddit.de/pictrs/image/4116753e-547b-404a-a523-f57570cf11c0.webp)
![](https://lemmy.world/pictrs/image/8286e071-7449-4413-a084-1eb5242e2cf4.png)
13·
8 months agoPut your external facing services behind the VPN, or at least put them in a separate VLAN that’s firewalled in such a way that they can’t reach the rest of the network if they become compromised.
Put your external facing services behind the VPN, or at least put them in a separate VLAN that’s firewalled in such a way that they can’t reach the rest of the network if they become compromised.
I would say there are better methods to solve this problem these days than a script. Check out Ansible or NixOS.