A bunch of things that I have a passing knowledge of now that I didn't have before
Since the point of this blog is self-reflection, I'll start that now.
iptables
Before
Prior to this, I've always survived with ufw when I've needed a firewall. It's been simple, and I've never needed to do more than limit port access. I've been baffled by the various tables and rules that get mashed in by e.g., Docker; definitely a case of seeing something new and assuming it's far too complicated to understand.
Now
I can write rules on the fly for the sorts of use cases I have, namely allowing traffic based on:
– IP
– Port
– Protocol
– Connection state
Next
So far I've just bunged everything into the default tables and I'm going to explore those more. Particularly with WireGuard interfaces, where everything gets spun up and torn down on a whim, I think it would make more sense to extend INPUT/OUTPUT/FORWARD via dedicated tables.
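As an added example (not from the original post), here is a filter-table ruleset that covers the four cases listed above (IP, port, protocol, connection state) and also puts the WireGuard rules in a user-defined chain hung off INPUT, so that chain can be flushed when the interface goes away without touching INPUT itself. It is written in iptables-restore format so the whole ruleset can be read and tested before it is loaded; the admin address, the chain name WG_IN and the --apply flag are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the post's own code. Emits a filter-table ruleset in
# iptables-restore format; applies it only when run as root with --apply.
set -euo pipefail

ADMIN_IP="${ADMIN_IP:-203.0.113.10}"   # constructed: documentation-range address
WG_PORT="${WG_PORT:-51820}"            # WireGuard's default UDP port

# Print the ruleset. INPUT and FORWARD default to DROP, OUTPUT stays ACCEPT.
# WG_IN is a user-defined chain (assumed name) holding the WireGuard rules.
build_ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:WG_IN - [0:0]
# Loopback and already-tracked flows first (connection state)
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# SSH only from the admin host: IP + port + protocol + state in one rule
-A INPUT -p tcp -s ${ADMIN_IP} --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Hand WireGuard traffic to its own chain; flush WG_IN when the tunnel is torn down
-A INPUT -p udp --dport ${WG_PORT} -j WG_IN
-A WG_IN -m conntrack --ctstate NEW -j ACCEPT
# Log, rate limited so the log cannot be flooded, then drop everything else
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
-A INPUT -j DROP
COMMIT
EOF
}

# Number of -A rules attached to a chain; a quick sanity check on the output.
count_rules_for_chain() {
  build_ruleset | grep -c -- "^-A $1 " || true
}

# Without --apply the script only prints the ruleset for review.
if [ "${1:-}" = "--apply" ]; then
  [ "$(id -u)" -eq 0 ] || { echo "run as root to apply" >&2; exit 1; }
  build_ruleset | iptables-restore --test && build_ruleset | iptables-restore
else
  build_ruleset
fi
```

Loading through iptables-restore replaces the table atomically, and `iptables-restore --test` parses the ruleset first, which is the check you want before a rule with a typo locks you out of SSH.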
Docker-compose
Before
I only had a very basic grasp of how Docker worked, and putting an abstraction on top of it with networking and state was too much to manage. I've since used Docker a load more, starting from base images and building up hardened images from scratch.
Now
I've got enough confidence to use it, but still a fair way to go before I'm good at writing it from memory without a basic structure.
Next
Carry on where I am unless I have another reason to go and learn more.
Systemd timers over crontab
Before
It's been ages since I last set up a cron job, and I couldn't remember the arg I've always used in the past (it was crontab -e). I googled it to see, and was shown a bunch of articles explaining the merits of systemd timers. Sidenote: out of interest, I asked ChatGPT for a modern way of scheduling tasks on Ubuntu 24.04 LTS (which comes with systemd) and it still recommends crontab.
Now
I know they exist!
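As an added example (not from the original post), here is what a daily crontab entry looks like once moved to a systemd timer: a small script that writes the service and timer unit pair into a directory of your choosing, so it can be tried in a temp directory before anything lands in /etc/systemd/system. The job name check-updates, its command and the ReadWritePaths directory are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the post's own code. Generates a .service/.timer pair
# that replaces a crontab line such as:  0 3 * * * /usr/local/bin/check-updates
set -euo pipefail

# Write NAME.service and NAME.timer into DIR.
# Usage: write_timer_units DIR NAME COMMAND CALENDAR
write_timer_units() {
  local dir="$1" name="$2" cmd="$3" calendar="$4"
  cat >"$dir/$name.service" <<EOF
[Unit]
Description=Scheduled job: $name

[Service]
Type=oneshot
ExecStart=$cmd
# Per-job sandboxing, which crontab has no way to express
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=yes
# Assumed state directory the job is allowed to write to
ReadWritePaths=/var/lib/$name
EOF

  cat >"$dir/$name.timer" <<EOF
[Unit]
Description=Run $name on a schedule

[Timer]
OnCalendar=$calendar
# Run a missed job at next boot instead of silently skipping it
Persistent=true
# Spread start times so a fleet does not fire in the same second
RandomizedDelaySec=10m

[Install]
WantedBy=timers.target
EOF
}

# Return 0 when the units for NAME in DIR carry the keys a working timer needs.
check_timer_units() {
  local dir="$1" name="$2"
  grep -q '^OnCalendar=' "$dir/$name.timer" &&
    grep -q '^WantedBy=timers.target$' "$dir/$name.timer" &&
    grep -q '^ExecStart=' "$dir/$name.service"
}

# Demo run into a temp directory, so the script is harmless anywhere.
demo_dir="$(mktemp -d)"
write_timer_units "$demo_dir" check-updates /usr/local/bin/check-updates "*-*-* 03:00:00"
check_timer_units "$demo_dir" check-updates && echo "units written to $demo_dir"
# On a real host: copy both files to /etc/systemd/system, then
#   systemctl daemon-reload && systemctl enable --now check-updates.timer
#   systemctl list-timers check-updates.timer    # shows next and last run
```

The two things a timer gives you over cron are visible in the units: Persistent=true catches up on runs missed while the machine was off, and the [Service] section sandboxes the job itself, so a compromised or buggy script runs with far less reach than a cron entry that inherits the full environment of its user.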
There's plenty of other stuff that I've left out, mostly networking. Next recap will cover those.