Security without firewall ?

[Abigel]

Most people use a firewall like Pfsense to make their unraid system secure. But I don't want to have another instance that I have to watch out for on a regular basis and that in case of a failure the whole system will be down.
Is it possible to have good security without a firewall ?
So that the containers cannot talk to the host and only talk to each other if desired?
And from the host only through a certain password protected interface into the network of containers?
Or maybe completely different ?
Please help me and give me some advice

 

 

 

 

If this is the wrong area for such a question, I apologise and ask to be moved to the right area. Thanks

[Ford Prefect]

On 11/20/2020 at 10:58 AM, Abigel said:

Most people use a firewall like Pfsense to make their unraid system secure. But I don't want to have another instance that I have to watch out for on a regular basis and that in case of a failure the whole system will be down.

...what does your statement mean...about having "another instance"?...already have one? Then use it....enable VLANS and separate your containers, VMs and such.

[Abigel]

I mean that I do not want to have more things to manage.

[Ford Prefect]

IMHO there is no such thing as a free lunch.

If you want your Dockers, VMs and other services separated, I suggest to run different VLAN...in order to manage these, you will need a proper Router (and Switch) suitable for the task. This router can be your existing ISP-Router, an additional piece of hardware (or replaceent of your ISP-Router) or a router VM in unraid.

I'd suggest the latter if you only have your networks inside unRaid...should you also have different LANs, wired or wireless (like with different SSIDs), use a real router outside of unraid.

 

...running a simpler version, just for dockers is possible, see: https://docs.docker.com/network/ ...but involves some management as well, without the additional flexibility.