Firewalls can log dropped packets.

Kid friendly, except the predatory parts.

It depends on what you’re trying to do with it. Typically people only use Macs as servers when they’re doing development for Apple products.

Provide them with VPN access. If that’s too much for them, then they don’t get access. Tough. On the scale of security vs convenience, that’s nothing.

If you really really want, you should at least see if you can put a WAF in front, and put the server itself somewhere it doesn’t have access to the rest of your network (a DMZ) so that if and when it gets hacked, it doesn’t compromise the entire network.

Step one is check with the university IT department. Don’t put random unmanageable shit on other people’s networks.

Why a Mac running Linux? I can’t think of a use case for that.

I still don’t recommend putting jellyfin on the Internet. It’s not designed for it. There are some API endpoints you can access without authentication, not to mention potential authentication bypass vulnerabilities.

5 minutes is also probably too frequent. Leases are usually significantly longer. You might hit a rate limit and get blocked.

Then yes. The VPS provider will get it instead.

Probably through that link in your screenshot that says “logs”. Or directly on the server. Consult the documentation.

as well as replacing “pow-wow” with “huddle” or “meeting”

What if you are indigenous American? Can you still say it then? Or are all cultural references banned from language?

Safe from what?

And if you want to make it fancy, make that a wrapper script that checks the incoming file type. MP3s get transcoded, text files get opened, …

What’s in the logs?

If it’s on the Internet, yes.

Given the state of the Internet, you should keep a healthy level of paranoia. I always recommend exposing as little as possible, and that means using only a VPN and not putting jellyfin itself on the Internet.

Technically yes, but as long as your WAN gateway doesn’t provide a route, clients will only know how to reach your own gateway.

Agreed. Separate device. If your VM or hypervisor dies, or you misconfigure something, you take your Internet down. Not a fun thing to recover from.

You only need one port. WAN to switch, switch to router. The router routes and sends it back to the switch, and the switch to the LAN. Vice versa for outbound traffic. It’s called a router on a stick.

Not recommended if you’re paranoid about security, because a malicious client or particularly malformed inbound traffic could bypass your router. For general use it’s perfectly fine.

Pretty much any router will handle that.

If you want do open source, you can do something like opnwrt on hardware they support. Or, build the whole thing yourself with opnsense on any device that can run FreeBSD.

That they haven’t done, in my experience. I deleted Snapchat a while ago, but I don’t recall it prompting me repeatedly to enable location. I’m still on Instagram now, and I’ve had the location permission off probably forever, and I’ve never noticed it asking for it.

The point of a stable distro is reproducibility.

They’ve been doing that since they added Instagram stories years ago.