FreshTomato Wiki

User Tools

Site Tools

Trace:
basic_hardening

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
basic_hardening [2026/01/07 23:30] – [Firewall Settings] hogwildbasic_hardening [2026/01/09 23:50] (current) – [VPN Connections] -Condense hogwild
Line 12: Line 12:
     * Change the password to a strong, unique one. \\ This is crucial. Many attacks rely on default credentials.     * Change the password to a strong, unique one. \\ This is crucial. Many attacks rely on default credentials.
  
-  * Enable HTTPS for router access: Secure the web interface by setting local access to use secure HTTPS instead of HTTP FIXME+  * Enable HTTPS for router access: Secure the web interface by setting local access to use secure HTTPS instead of HTTP.
  
  
Line 25: Line 25:
   * Disable UPnP in the [[forward-upnp|UPnP IGD & PCP]] menu. Universal Plug and Play is known to be insecure and should be disabled, unless absolutely required.   * Disable UPnP in the [[forward-upnp|UPnP IGD & PCP]] menu. Universal Plug and Play is known to be insecure and should be disabled, unless absolutely required.
  
-  * In the [[admin_access|Admin Access]] menu, set a low value in the "//Limit Communication to//" field to limit SSH / Telnet requests. This helps prevent DDoS attacks. FIXME Should this be here?+  * In the [[admin_access|Admin Access]] menu, set a low value in the "//Limit Communication to//" field to limit SSH / Telnet requests. This helps prevent DDoS attacks. FIXME Does this belong in this section?
  
  
Line 76: Line 76:
   * Disable NAT loopback.   * Disable NAT loopback.
  
-  * While it is not, per se, a firewall function, if you are not using IPSEC passthrough, disable it in the Conntrack/Netfilter menu.+  * Unless you're using an IPSEC VPN, disable IPSEC Passthrough in the Conntrack/Netfilter. While not, per se, a firewall function, this will remove open NAT entries in your router.
  
  
Line 98: Line 98:
   * Use a website to check for DNS leaks. Also use them to test your DNS server information. If it leaks, you're not hiding your digital identity. Recommended websites include: [[https://www.dnsleaktest.com|dnsleaktest.com]], [[https://controld.com/tools/dns-leak-test|controld.com]] and [[https://ipleak.net/|ipleak.net]] \\ \\    * Use a website to check for DNS leaks. Also use them to test your DNS server information. If it leaks, you're not hiding your digital identity. Recommended websites include: [[https://www.dnsleaktest.com|dnsleaktest.com]], [[https://controld.com/tools/dns-leak-test|controld.com]] and [[https://ipleak.net/|ipleak.net]] \\ \\ 
   * Configure a kill switch.  A kill switch is basically a policy-based routing rule to ensure that when the VPN tunnel/encryption is dropped, FreshTomato will drop your Internet connection to the VPN provider. This prevents you from using the Internet while your real IP address is exposed.\\ \\    * Configure a kill switch.  A kill switch is basically a policy-based routing rule to ensure that when the VPN tunnel/encryption is dropped, FreshTomato will drop your Internet connection to the VPN provider. This prevents you from using the Internet while your real IP address is exposed.\\ \\ 
-  * Consider using a Stubby server for DNS resolution. Stubby allows for secure+  * Consider using a Stubby server for DNS resolution. Stubby enhances DNS privacy by allowing DNS over TLS (“DoT”). DoT sends DNS queries via a secure (TLS-encrypted) connection. Note that network devices which use Stubby to resolve DNS queries, or point DNS queries to a router using Stubby will not have ads blocked by  the Adblock feature.
  
  
basic_hardening.1767828634.txt.gz · Last modified: by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki