Packet Radio Hardening
Running a packet radio node is absolutely a security vulnerability for your network: the software used for packet radio is developed by amateur radio operators in a non-professional capacity. Extra steps are also necessary for this software to survive hard power cycling.
Security
Threat Model
The purpose of this article is to highlight precautions to take when connecting your node to the Internet, and to cover reboot safety for the software stack. We are not considering exploits through over-the-air routes, as these are largely hypothetical or difficult to carry out.
Precaution #1: Know who you link to
It's not a bad idea to establish correspondence and do the basic amount of due diligence to make sure you're not building infrastructure with people you don't want to be associated with.
Precaution #2: Protocols
When configuring forwarding and routes over the Internet to other BPQ nodes, use AXUDP and not AXIP. AXUDP works better with modern firewalls, while AXIP generally presents trouble.
Precaution #3: Firewalls
You should run both a router firewall and an OS-level firewall, and start with the sane defaults of allowing all egress and denying all ingress from outside the local network subnet.
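As an added illustration (not FARPN's own automation script), the shell function below prints an nftables ruleset that combines Precautions #2 and #3: ingress is dropped by default, the local subnet is allowed, and AXUDP is accepted only from the link partners you name. The function name, the table name `packet_node`, UDP port 10093 and all addresses are assumed sample values; use the port and peers you actually agreed on.

```shell
#!/bin/sh
# Added example: print an nftables ruleset for a packet node's OS-level firewall.
# AXUDP is ordinary UDP, so it can be matched by port and source address;
# AXIP is raw IP protocol 93 and has no port to match on.
# Usage: render_ruleset LOCAL_SUBNET AXUDP_PORT PEER_IPV4 [PEER_IPV4...]
render_ruleset() {
    [ "$#" -ge 3 ] || { echo "usage: render_ruleset SUBNET PORT PEER..." >&2; return 2; }
    subnet=$1 port=$2
    shift 2
    case $subnet in ''|*[!0-9./]*) echo "bad subnet: $subnet" >&2; return 2 ;; esac
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 2; }
    peers=
    for ip in "$@"; do
        # Only IPv4 literals are accepted, so a rule never depends on a DNS lookup.
        case $ip in ''|*[!0-9.]*) echo "bad peer address: $ip" >&2; return 2 ;; esac
        peers="${peers:+$peers, }$ip"
    done
    cat <<EOF
table inet packet_node {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        # IPv6 neighbor discovery must pass or IPv6 stops working on the link
        icmpv6 type { nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
        # Local network subnet
        ip saddr $subnet accept
        # AXUDP from known link partners only
        ip saddr { $peers } udp dport $port accept
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# Constructed sample values (documentation address ranges); check before loading:
# render_ruleset 192.168.1.0/24 10093 203.0.113.10 198.51.100.7 | nft -c -f -
```

The router firewall still needs a matching rule that forwards the same UDP port to the node, restricted to the same peer addresses.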
Reboot Safety
Linux makes this easy: cron, udev, ALSA, and systemd services can be used to manage the stack's startup sequence.
FARPN is currently developing automation scripts for managing firewalls and Yggdrasil public key authentication, as well as systemd service templates for our basic software stack.