Hardening domain

Network & Firewall

A host should only accept the traffic it truly needs. This domain builds a default-deny firewall with nftables/firewalld, closes unused ports, and tunes network sysctls to resist spoofing, redirects, and floods.

nftables Firewall Baseline for Linux Servers
Build a default-deny nftables firewall, harden network sysctls, and shrink your exposed service footprint on any Linux server.

All posts in this series

nftables Firewall Baseline for Linux Servers

Build a default-deny nftables firewall, harden network sysctls, and shrink your exposed service footprint on any Linux server.

3/4/2026

nftablesfirewallnetworksysctl