Fail2ban is not a static security policy.

It’s a dynamic firewall. It ties logs to time boxed firewall rules.

You could auto ban any source that hits robots.txt on a Web server for 1h for instance. I’ve heard AI data scrapers actually use that to target big data rather than respect web server requests.

Routing takes place on layer 3 (ip) so destinations are ip networks and hosts.

Each packet you create has a destination IP. Your computer looks at your route table to see where it goes by matching the destination ip with each network. It will be sent to the most specific match first and your default gateway last.

If you’re default gateway is you’re vpn server via your vpn interface then you just need to add more specific route for destinations of interest through a different gateway (you’re router) via the physical interface

Raw disk access is a privilege in Linux, usually reserved for root.

You could have root change the permissions on the directory to allow another user or group write access.

goes to Google, on the raw network, and on the VPN.

You can’t “go” to a destination on two networks in a single request. It’s all packets on a wire, if it comes from two sources, it was two requests.

Unless you mean two different requests. As in while on the VPN everything is tunneled, and while not on the VPN it’s not, but this is the opposite of what the OP was asking for. He wants the VPN on for some use cases, and off for others. That’s split tunneling.

He’ll likely wind up with difficulties around trying to figure out which destinations he doesn’t want routed through the VPN, because there’s no way to do it by protocol, since routing happens on layer 3, not 4 or 7. He’ll likely need to know those address in advance.

Interesting. There’s no difference in my dialect.

One NIC is fine

Told my wife and kids they can run whatever they want if they don’t involve me. If you want me to help with computer issues then I’m installing Linux.

If you don’t want that, you better learn how to computer because you’re on your own

Canadian with a shitty mobile keyboard, that’s all.

Swipe keyboard. It picks random yours, and I’m exhausted from flying all day so I didn’t proof read.

Yes that’s called routing.

You don’t bind it to a NIC, you specify the destinations you want forwarded to each interface. Your VPN connection is just another interface.

If you’re looking for good docs, you may want to Google split tunnel vpn, and also bone up on your networking.

A few static routes should get you what you need

Pfsense is built on this, but it has some free software issues.

OpnSense was a pfsense fork from some of them original creators, that is free software.

Both are fantastic.

I can see this being a breaking change for some strange edge cases and (ab)uses.

Neo4j might with

Pass uses GPG and git under the hood.

You create keys to encrypt your data, and keep the encrypted data in git locally which can be cloned to github, gitlab and the like.

It’s just files on your computer, so you can back them up that way, or use a thumb drive as a remote git repo and push to it.

Day to day Type pass and tab complete to find the entry. Enter the command and be prompted to unlock it. It will then print the credentials to the terminal.

To create a new password, you type and add command followed by a name and a text editor opens up for you to type credentials in, or it can generate them for you.

To keep your backup up to date you just git push to the remote of your choice. I use github

It very well could be these days. It could also be default settings that are better on Linux for certain activities. The network stack is highly tunable.

The majority of the Internet’s routing and switching architecture is BSD based. Historically it had the most stable and performant network stack of all the OSs.

I used it extensively at one job in a previous life when I was a network appliance developer. It was rock solid and lightning fast. Tried it as a desktop at home and had a terrible experience.

The little differences in the Unix commands used to drive me nuts as well…

Doubt. You probably need to set the file owners in your volume to the same user running in the container.

Pass can’t do this.

It’s a cli tool, so you can call it within another call using dollar sign syntax

terraform apply --var "myvalue=$(pass path/to/value)"

I’m using pass at home, but I’ve used hashicorp vault at a few jobs with great success.

IBM just forked it to openBao as well to get around the business license, if that’s a concern for your. But honestly I’d trust hashicorp more than IBM at this point.