[dend]

You do. That's why I wouldn't recommend it to anyone unless they absolutely know what they're doing. Can't tell you how many friends I had to have a talk with who had plain vanilla port forwarding done on their home router, exposing their entire home network to the web.

Nowadays, I recommend them use Tailscale as an out-of-the-box Wireguard-based VPN to safely connect to their home servers from remote locations.

[rmoriz]

To be honest, as an IT professional you should have basic knowledge about firewalls. nft/nftables is a big improvement in firewall usability for Linux, I also know many homelab people using OPNSense or even DD-WRT for that job. I prefer plain Linux (distro of your choice, I don't judge) and nft.

Tutorials:

- https://wiki.gentoo.org/wiki/Nftables/Examples

- https://wiki.archlinux.org/title/Nftables

- and probably the best advanced tutorial is a video series https://www.youtube.com/watch?v=K8JPwbcNy_0&list=PLUF494I4KU...

TL;DR One should know firewall fundamentals, nft/nftables as successor of iptables is very convenient to use, a single config document instead of interactiving with 100 cli commands which have to be in a specific order.