I use IPv6 local only. Everything else is IPv4. Reason being, my commercial VPN does not support IPv6 and I have reservations about leakage. My ISP already ships with IPv4 & IPv6.

my bone count is still 0

Truly sorry to hear that my man. There are meds that can get that bone count up.

I found an 8-year-old project on GitHub that had similar ideas but is unmaintained and not quite what I needed.

In the back on my mind I was thinking ‘I could have sworn I had seen Dockwell somewhere before’.

It’s one night of work, so take that for what it is

The honesty is refreshing.

It’s interesting for sure. I was intrigued when I saw OG Dockwell, but like you, saw it was quite stale.

Certainly. I don’t discount that any exploit is ‘really bad’. I like my OS of choice to be as free of exploits as it can possibly be. However, some of the material I was reading involved areas of Linux that I have little if any knowledge of value with, so I thought I’d as the question.

RFC: As I understand it this exploit requires local access and cannot be deployed remotely. Is this a correct analysis?

a month.

I do it for a whole year. lol

If this is real, I honestly do empathize with your situation. Try some local community outreach programs like food banks, child services, etc. There is no reason to be embarrassed by being down on your luck. Anyone who has lived on this planet for any length of time has been there too. I am sorry that I cannot help with your situation further, and I certainly hope you get things back on track for you and your family. Best wishes.

ETA: I am not aware of any such forums here on Lemmy that could help.

What I personally do is run an overlay VPN like tailscale and allow SSH in only via that.

Same. I use Tailscale as an overlay on the pFsense box and the server itself.

Just 54? Those are rookie numbers bro. You need to open up a few more ports. LOL Honestly tho, seems pretty standard. You could change the SSH port which might lower some of the noise but bots now days are pretty sophisticated and it would be trivial to just scan your server and find out which port is SSH. If you want to stop tailing fail2ban nervously on the daily, you could use the hosts.allow/hosts.deny which would lock it down even further. Just remember to set host.allow first then host.deny. You could also deploy any number of secondary security packages like CrowdSec, Wazuh, et al.

I’ll throw in my vote for pFsense. Pretty comprehensive package.

Weird

Dumbass here…why would a VPN block incoming connections? Seems counter to what a VPN does.

Absolutely. It’s quite effective.

Went back to Unbound on my OPNsense router.

Yeah. I get more mileage with pFsense + unbound

I have used Pi-Hole but not Technitium. As I understand it, Technitium has some more options than that of Pi-Hole + Unbound that power users may appreciate.

Sure, I get that. It’s just two things I don’t selfhost.: Password Managers, and anything financial.

Basically, because I feel that Bitwarden built this massive network with layers of security that I just don’t possess, and their track record is very good in that regard. Yes, they have had some breaches, but none that I am aware of where its central user database or encrypted vaults were exposed. The latest was a supply chain incident in April 2026 which was part of a broader supply chain attack affecting Checkmarx, not a direct compromise of Bitwarden’s infrastructure.

Ooof! I think I have a pretty robust network security deployment. I’m just not convinced 100%, and therefor I am prohibited from deploying any self hosted password manager. Too risky. I know there are 1000s of people who, and kudos to you for being able to sleep at night. Your security must rival the SCIFs.

As much as you may dislike Google, I got to hand it to them, they have and always have a ton of skunk works projects.

Or even better buy a mini PC with many net ports and install opnSense, but in this case you will need a separate wifi router and/or dedicated switch since any opnSense device will only work at perimeter level

I went with this option except using pFsense in lieu of OpnSense. My own modem, router, and managed switches.