As the title says, I want to know the most paranoid security measures you’ve implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes, etc., but not much beyond that. I’m wondering how deep this paranoia can go (and maybe even go down my own route too!).

Thanks!

  • After reading this thread I’m apparently not paranoid enough.

    Internet-facing services are on their own firewalled VLAN (DMZ), behind a rev proxy, and I have CrowdSec running on the proxy and router.

    Anything that I can get away with putting up on a VPS, I have (e.g. this Lemmy server). But some things have storage/compute requirements I’m not willing to shell out for.