#firewall
Today I lost to #haproxy. It kicked my ass in a way that I’m almost too embarrassed to fully detail.
Suffice it to say I may have discovered a bug, but I'll have to get back to detailing this shortly. It refused to acknowledge there was a backend server available even when it told me there was. Just mindblowing.
I was doing tcpdumps and still couldn't find evidence that such an attempt was even made on the network. Oh, but it could tell me when the host went up and down. :P
#linux #firewall #bsdunix #unix #frustration
Some of these vulnerabilities had the potential to be exploited for accessing system files and administrator logs.
The configuration is correct, why doesn't it work?
Project Firewall: Switching from pfSense to OPNSense Lesson 1
If you reconfigure interfaces in opnsense, reboot!!
otherwise your config is in a strange state
just wasted an hour on it!
Not so great when you play with new hardware/software and you encounter such annoying glitches.
We're currently evaluating Shorewall [1] as a Firewall / iptables configuration tool.
Configuring iptables manually [2] works, but can get messy and thus is error prone. For our VPN server with its many customer VPNs, we are looking for a clearer solution that can be easily configured via configuration files. One of our developers has already used Shorewall and is impressed by the software. It was therefore a natural decision to take a look at it.
Initial experiments have gone well!
[1]: https://shorewall.org/
[2]: https://blog.zero-iee.com/posts/multi-tenant-wireguard-vpn-server/
"🚨 Urgent Security Update: Zyxel Patches 15 Vulnerabilities 🛡️"
Zyxel has urgently released patches for 15 security vulnerabilities affecting NAS, firewall, and AP devices. This includes three critical flaws (CVE-2023-35138, CVE-2023-4473, CVE-2023-4474) with CVSS scores of 9.8, posing serious risks of authentication bypass and command injection. The vulnerabilities impact models like NAS326 and NAS542. Users are strongly advised to update their devices immediately to avoid exploitation by threat actors.
Source: Zyxel security advisory
Tags: #CyberSecurity #Zyxel #Vulnerability #PatchUpdate #NetworkSecurity #ThreatPrevention #NAS #Firewall #AccessPoint 🚨🔐💻
- CVE-2023-35138: NVD - CVE-2023-35138
- CVE-2023-4473: NVD - CVE-2023-4473
- CVE-2023-4474: NVD - CVE-2023-4474
Bridging the gap between cloud vs on-premise security https://www.helpnetsecurity.com/2023/12/01/cloud-based-security/ #Expertanalysis #cloudsecurity #cybersecurity #Expertcorner #CatoNetworks #Don'tmiss #Hotstuff #firewall #opinion #policy #cloud #News
Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices https://www.securityweek.com/major-security-flaws-in-zyxel-firewalls-access-points-nas-devices/ #NetworkSecurity #Vulnerabilities #Ransomware #firewall #CISAKEV #Zyxel #NAS
The user doesn't notice it, but it has important advantages: network function virtualization (NFV).
In a nutshell: with NFV you replace routers or firewalls with generic hardware running specific software.
How that works, what you can do with it and what it offers you as an institution, you'll hear from Eyle Brinkhuis, network specialist at SURF.
@josephholsten @Lulukaros @_bapt_ @chrisoffner3d @vaartis personally, I do basically exclusively deploy the combo of #pfSense / #OPNsense as #Router & #Firewall and #Ubiquiti #UniFi for #WiFi and #Switching, with rare edgecases like a remote site/edge router being done with a @Raspberry_Pi running #ipFire and shoved onto a #DIN-Rail...
Simply because UniFi sucks at Routing & VPN and pfSense sucks at WiFi...
https://www.youtube.com/watch?v=ouARr-4chJ8 video via @tomlawrence
Ubuntu 22.04 iptables command not working #networking #iptables #firewall #ufw #nftables
We took a little social media break last week. Check out what you missed on FOSSlife https://app.moosend.com/show_campaign/71e251aa-6d51-4059-8a75-e6841275364e #firewall #OpenSource #contribution #community #GitHub #AlmaLinux #Blender #Canonical #MicroCloud #jobs #events

I installed Portmaster[1] on Windows 10 (VM) and blocked Adobe Lightroom Classic. That made the whole application freeze and become non-responsive.
319 connections so far, 0% blocked. The software talks to some subdomains for adobe.io (photos, lcs-cops, ic, lcs-robs, and a few more) and photoshop.com.
Oh how I wish darktable were just like Lightroom: automated and easy to use.
[1]: https://safing.io
#privacy #firewall #dns #OpenSource #darktable #lightroom #adobe
#Experiences with the #Great #Firewall of #China. As a blogger you also can't simply get into the WordPress login of your blog. You don't need to run a political blog or try to be conspiratorial for that; with a perfectly ordinary travel blog without any political ambitions it simply doesn't work either.
This guide will demonstrate how to install the Firewalld GUI and get it running on your Fedora 39. #firewall #firewalld #fedora #linux #opensource #firewallgui #cybersecurity #software
https://www.linuxcapable.com/install-firewalld-gui-on-fedora-linux/

New release of #OPNsense 23.7.9.
https://forum.opnsense.org/index.php?topic=37173.msg181957#msg181957
Downloading it right now!!!
#Firewall #HomeLab #SelfHosted #SelfHosting
The bearded deceiver. The TARPIT technique in defense and attack
There is an information security strategy whose essence boils down to making the attacking side spend a disproportionate amount of resources: computing, time and human resources. Welcome under the cut if you are interested in: How do you make the reconnaissance phase harder for an attacker? Why can nmap slow down badly? Where do hosts with thousands of open ports come from? How do you detect tarpit hosts, and what do you do with them if you perform security audits? What even is this tarpit of yours? )
https://habr.com/ru/companies/webmonitorx/articles/775680/
#information_security #vulnerabilities #cybersecurity #hacking #attacks #tarpit #firewall #system_administration #trap #honeypot
Introducing Sophos DNS Protection – Source: news.sophos.com https://ciso2ciso.com/introducing-sophos-dns-protection-source-news-sophos-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Products&Services #SophosFirewall #DNSProtection #nakedsecurity #nakedsecurity #FEATURED #firewall #featured #Firewall #Network #network #DNS
This guide aims to demonstrate how to install Modsecurity 3 and OWASP CRS with Nginx on Fedora Linux. #modsecurity #owasp #fedora #opensource #cybersecurity #waf #server #vps #linux #infosec #firewall #nginx
https://www.linuxcapable.com/install-modsecurity-owasp-core-rule-set-with-nginx-on-fedora-linux/

I got myself a #Protectli #Firewall, which I'll soon put between the Fritzbox and the fiber modem once the line is finally there. The firewall can be connected to a screen via HDMI, but I haven't had a USB keyboard in the house for years.
Fortunately a USB-UART cable was included, with which I could configure the thing. Annoyingly, there are no macOS drivers for the controller built into it, and on the work laptop I'm no longer an admin, so I can't install the Windows driver there.
Luckily I recently got back my very first unibody MacBook Pro (from 2009) from my uncle, who no longer needs it because of his iPad, and just for the fun of it I installed #ArchLinux on it. With that I can also get to the BSD on the firewall, because Linux fortunately has a driver for the old cable.
Nerd problems that nerds wouldn't have without their nerdiness 😅
fatedier / #frp: A fast reverse #proxy to help you expose a local #server behind a #NAT or #firewall to the internet.
frp is a fast reverse proxy that allows you to expose a local server located behind a NAT or firewall to the Internet. It currently supports #TCP and #UDP, as well as #HTTP and #HTTPS protocols, enabling requests to be forwarded to internal services via #domain name.
frp also offers a #P2P connect mode.
#OPNsense 23.7.8 has been released (#BSD / #HardenedBSD / #FreeBSD / #pfSense / #m0n0wall / #Security / #Firewall) https://opnsense.org/
#pfSenseCE 2.7.1 has been released (#pfSense / #Netgate / #BSD / #FreeBSD / #m0n0wall / #Security / #Firewall) https://pfsense.org/

I still have #RethinkDNS 054a running here... with the older form of the UI.
If RethinkDNS keeps switching itself to disabled, it's worth checking whether another app is "competing in the background" (e.g. #Blokada or similar). Currently 41 days active here...
And oh yes, the app can be found on F-Droid:
#Rethink: #DNS + #Firewall (Firewall apps, monitor network activity, block malware, change DNS.)
https://f-droid.org/packages/com.celzero.bravedns/
I'm attempting to execute a Flask test file, but when attempting to access it through the browser, I get an error stating that the site cannot be reached #networking #server #iptables #firewall #ufw
configuration isn't stateless, it creates a file /var/lib/ipset.conf , so if you want to make changes like expiration time to the sets while they already exist, you will need to use ipset yourself.
And most importantly, because of the way the firewall service is implemented, if you don't use this file anymore, the firewall won't reload.
I've lost a lot of time figuring out why: when #NixOS reloads the #firewall service, it uses the new reload script, which doesn't include the cleanup from stopCommand, and this fails because the NixOS service didn't expect anything in the INPUT chain.
https://dataswamp.org/~solene/2022-09-29-iblock-implemented-in-nixos.html
👉 DDoS attacks shot up by 67% from Q2 to Q3, 2023. 📈 Defend against the surge!
📍 Discover effective techniques for identifying, analyzing, and mitigating attacks. Watch now! https://bit.ly/3SJJKW6
#ddos #ddosattacks #ddosprotection #ddosmitigation #CDN #ddossolutions #cybersecurity #waf #firewall #ddostechniques #apptrana #indusface

Spill the beans on your firewalling strategy – is it a fortress guarded by Security Groups with a no-entry policy for digital riffraff? How do you make sure your firewall rules are the bouncers of the cyber-club?
We've unveiled significant #firewall and XDR updates, including:
- Sophos Firewall ZTNA gateway access
- Sophos #XDR support for numerous third-party products
Altogether, the updates “advance the mission for us to get better and faster at detecting and responding to threats,” says Raja Patel, chief product officer at Sophos.
As the #CyberThreat landscape evolves, our team continues to push the envelope and develop new products and upgrades that simplify processes for partners and deliver superior cybersecurity outcomes for customers.
Kyle Alspach covers the updates in CRN: https://bit.ly/49t5pHM

Juniper networking devices under attack https://www.helpnetsecurity.com/2023/11/14/juniper-networking-devices-attack/ #JuniperNetworks #vulnerability #enterprise #Don'tmiss #WatchTowr #Hotstuff #firewall #exploit #News #CISA
Collaborative strategies are key to enhanced ICS security https://www.helpnetsecurity.com/2023/11/14/marko-gulan-schneider-electric-industrial-control-systems-security/ #identitymanagement #SchneiderElectric #riskassessment #accesscontrol #collaboration #cybersecurity #encryption #regulation #Don'tmiss #antivirus #framework #standards #Features #Hotstuff #firewall #strategy #training #opinion #News
Also am I doing anything stupid in these #firewall rules? In/out is basically limited to SSH for editing the site and Cloudflare serves the rest.
Just for extra security should anything hit direct instead of via cloudflare
Are you tired of your IT department blocking essential services (your self-hosted WireGuard) on eduroam WiFi? Try encapsulating it with HTTP/WebSockets!
https://sdr.li/post/chisel0/
https://sdr.li/post/chisel2/
#eduroam #firewall #chisel #sysop #admin #encapsulation #wireguard #bofh
How to ingest GCP Firewall/VPC logs into Microsoft Sentinel
#sentinel #microsoftsentinel #siem #soar #gcp #firewall #vpc #google #soc #analyst #cybersecurity #monitoring #threat #threatdetection #azure #cloud #cloudnative #microsoft #microsoftsecurity

👉 "Comprehensive coverage at an optimized cost, along with the ability to innovate faster."
That's the business benefit our customers enjoy after using the #AppTrana #WAAP.
Read the full review: https://bit.ly/47nlnRM
#waf #firewall #webapplicationfirewall #applicationsecurity #cyberthreats #webapplicationsecurity #cybersecurity #indusface

Firewall Types Explained: Choosing the Right Protection for Your Network – Source: securityboulevard.com https://ciso2ciso.com/firewall-types-explained-choosing-the-right-protection-for-your-network-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard #NetworkSecurity #firewall
Configuring #nftables rules to allow #SSDP both on my media server and desktop machine was not that straightforward. And there is so little information available.
This helped: https://github.com/mqus/nft-rules/blob/master/files/SSDP_client.md
Problem logging in due to firewall #networking #firewall #ufw
Can only access some servers on Linode VLAN #networking #vpn #firewall #openvpn
The download manager loses its access to the Internet after working for a while in Ubuntu 23.10.1 #networking #softwareinstallation #configuration #firewall #2310
Download Manager loses Internet access after working for some time in Ubuntu 23.10.1 #networking #softwareinstallation #configuration #firewall #2310
*Newbie* Setting up a reverse proxy on home lab #networking #server #iptables #firewall #ufw
Update pfSense 23.09: Lots of work done to get to the supported version of OpenSSL 3, now that OpenSSL version 1 is EOL and no longer supported. This is something other projects are still struggling with, because moving to the new OpenSSL removes a large number of deprecated encryption and digest algorithms. This primarily affects OpenVPN.
https://www.netgate.com/blog/netgate-releases-pfsense-plus-software-version-23.09
Moving my Friendica instance
https://friendica.crazy-to-bike.de/display/268c015d-1465-4766-4499-4a8168387882
How to deal: external Jenkins port does not work #networking #firewall #portforwarding #jenkins
#Google has registered a #new #TLD, ideal for #phishing campaigns. Such TLDs are best blocked completely. How to do it? Let's see.
For example, we can use #firewall rules configured through #Intune. In Endpoint Security - Firewall, we create new Reusable settings where we add the domains in question.
We then create a new firewall rule that will target all network interfaces and all network types for outbound traffic. The action will of course be Block. And we will select the settings created in the previous step as the Reusable group. #tips #cybersecurity #security

Netgate Announces It Will Stop Offering pfSense Home+Lab
https://linuxiac.com/netgate-announces-to-stop-offering-pfsense-homelab/
Netgate discontinues the pfSense Home+Lab offering due to unauthorized redistribution. Dive into the reasons and repercussions.
💬 If you're looking for a great #Firewall for your Android smartphone that works WITHOUT root, take a look at
👉 #Rethink: DNS + Firewall
Available from @fdroidorg
https://www.f-droid.org/packages/com.celzero.bravedns/
POSITIVE: Every single connection can be monitored
I hear that people think that a #firewall/#dhcp server like #pfSense / #OPNSense ought to be a discrete piece of #hardware, not just a #virtualized device because:
1. #network stability; no reboots on host #OS update
2. #firewall should get full control of NICs, probably for security sake?
Are these valid? Does the #ProxMox host have a lot of downtime? It seems to me that would be a deal breaker for a #homelab
What if I dedicate my NICs to the #router and use the wifi for management?
using only one or two system boards, as small as possible, how would you make a single device that housed both:
1. a #firewall, like #OPNsense or #pfSense
2. a full IDPS, like #SecurityOnion
i want to build a single housing that holds these two systems. idk if i can combine them with one system/ OS? how do you get full IDPS of a WAN port cheaply without a switch for port mirroring?
this would just be for home use, 1Gbps
We made this #animation in GIMP, inspired by the firewall setup called #DFCA that helps to expose and block #digitalFeudalism in software, and the internet.
Available here:
https://git.zzls.xyz/unsender/dfca
…also here:
https://notabug.org/dfca/dfca
We found the original wallpaper at #Unsplash, if you are interested we should be able to dig up the original link/photographer.
#digitalFeudalismCounterAction #fediArt #firewall #ownWork #cc0 #fediAnimation #technoFeudalism #photography #GIMP
You see a fifteenth century #firewall at work: protecting content from unauthorized access. #bookhistory #histodons
It's time: #6yo has her first device that can get on the #internet. In a hurry I created a separate VLAN for it and defined the necessary #parentalcontrol on it via rules on the #firewall, set up a VPN for when she wants to bypass our #security on grandma's WiFi 😈 and put #duckduckgo on it to at least somewhat avoid them profiling her... did I forget anything? #dtv
The network permission in #GrapheneOS is such a #killerfeature. No need for a battery consuming #firewall.
Just updated my #Pfsense #Firewall and tweaked the blacklists a bit. I may have to do some more tweaking but look at all those things blocked in my network now.
Total IP addresses blocked by my firewall 80,616
Total domains blocked by my firewall 1,047,910
#infosec #Firewall #opensource #freebsd #linux #networking
Patch now! Thousands of Juniper firewalls still without a security update
Because of a new exploit, attacks on Juniper firewalls are now even easier. Security patches are available.
Mullvad @mullvadnet : Bug in #macOS 14 Sonoma prevents our app from working
Apparently deeper than just the Mullvad VPN app - #firewall rules don't look to be getting applied.
#vpn #bug #cybersecurity #security
https://mullvad.net/en/blog/2023/9/13/bug-in-macos-14-sonoma-prevents-our-app-from-working/
I wrote a real-time #firewall for #Linux, check it out here: https://github.com/MatejLach/dynafire
Firewall down? Time for a 0xc0ffee break! :blob_laughing:
#geek #humor #firewall #cybersecurity #infosec #coffee
https://www.etsy.com/listing/1541722710/geeky-humor-mug-firewall-down-coffee-up
#android folks
Please share your #firewall domain-wise (for #bigtech app functions) IP (hypothetical)/port rules or #tailscale subnet router examples?
Appreciate
Block apps from accessing the Internet on Android device - Android Enthusiasts Stack Exchange
"If your kernel supports IPTables, you can use an app such as AFWall+ to control which apps have access to the internet."
#android #firewall #google https://android.stackexchange.com/questions/40924/block-apps-from-accessing-the-internet-on-android-device#:~:text=If%20your%20kernel%20supports%20IPTables%2C%20you%20can%20use%20an%20app%20such%20as%20AFWall%2B%20to%20control%20which%20apps%20have%20access%20to%20the%20internet.
Avoid the Hack: A Basic Guide to Router and Wireless Security for Regular People
Router and wireless #security are important for the home network, though a lot of guidance focuses on enterprise/business networks out there. SOHO routers tend to be limited, but they can still be "secured."
The checklist includes:
- Avoid using the #ISP router/equipment
- Change the #router admin password
- Turn off UPnP
- Use the router's #firewall
- Set a strong Wi-Fi password
- Keep router #firmware and your other devices updated
- BONUS: Use open-source router firmware
Firewalla added a new feature called Target List. Rather than creating individual rules for IPs, IP segments, or domains, target lists contain a list within a specific group.
Ex. Want to block all known cryptocurrency related hosts but don't want to create 1k+ rules? Create a block rule using the Crypto List target list that already includes 23,750 hosts!
https://help.firewalla.com/hc/en-us/articles/1500005941962-Firewalla-Feature-Target-List
#Firewalla #Firewall #Networking
And it's away! The #StarTrek: #Picard – #Firewall manuscript, some proposed back-cover copy, and some cool star charts for front matter have been submitted to my editors. Take =that=, deadline. #StarTrekBooks #SevenOfNine
@themagpi Hi, I was working on an #8bit sound card project for the #x86 #firewall over #LPCbus. It works fine now and fits in the case. BTW, I'm going to release it soon.
#retrogaming #retrocomputers
#raspberrypipico #RP2040 #pio #opensource #MagPiMonday
STOP WAITING FOR gutless #politicians to enforce #antitrust.
This #firewall for #linux not only blocks the likes of #Amazon, Microsoft, #Cloudflare, 'Twitter-buyer', #Google, and a few others, but also *tells you* with a little notification when it does.
Find #DigitalFeudalismCounterAction here:
https://git.zzls.xyz/unsender/dfca
…also here:
https://notabug.org/dfca/dfca
Find #torrent at tracker2.postman.i2p (I2P link).
#dfca #fediBlock #technoFeudalism #stopTechnoFeudalism #cageMafia #dotCons
@nixCraft This is just one more argument for blacklisting any #Alphabet (#Google) domains and to stop being abused by any of the #gacemarfia's
You know, when the number of sheep in their farms is shrinking, they might understand they are on the wrong path regarding #Privacy
#mypdns #blacklist #RPZ #DNS #Firewall
Alphabet domains (We currently only have 580 domains... Please contribute): https://0xacab.org/my-privacy-dns/matrix/-/milestones/2
Comment, clarification:
#CDU #CSU Friedrich #Merz's #Firewall (#Brandmauer) against the Right was and is only a very holey crochet.
Franz v. Papen 1933 - Zentrum/NSDAP
IN CASE ANYONE WAS UNDER A ROCK someone has finally done it!
A #firewall setup that allows all(?) #linux users to not only block the likes of #Google, Amazon, #Cloudflare, Twitter-buyer, and more, but that also *tells you* with a slick notification when it does!
Its called '#DigitalFeudalismCounterAction' and it brings us great joy.
Install instructions:
https://notabug.org/dfca/dfca
Also available as torrent at tracker2.postman.i2p
Dabbling with #Alpine Linux 3.18.2 as a #Docker HOST system configured via #ansible. So far mostly fine.
Current pain point is configuring a #firewall to limit access to some ports.
- obviously `firewalld` isn’t available
- Don’t want to use `ansible.builtin.iptables` because that basically means manually writing firewall rules which is overly complicated for my use case.
- `community.general.awall` is just a stub
So #UFW and `community.general.ufw` it is then.
Other suggestions?
the number of seasoned #linux #users who don't know about #cockpit as a tool for administering both servers and desktops is astounding.
#firewall config, #systemd service management, #selinux troubleshooting, #container and virtual machine management, update installation and automating, #smb share creating and securing.
If you haven't installed cockpit on your distro of choice, check it out.
HAPPY TO ANNOUNCE someone's finally done it!
Finally a #firewall that allows all(?) #linux users to not only block the likes of #Google, Amazon, #Cloudflare, Twitter-buyer, and more, but that also *tells you* with a slick notification when it does!
Overjoyed r.n.
The install instructions (on I2P, change .su => .i2p):
http://upload.arav.su/f/qZ2RNrZeJcYS4QGj9svWCcfm6ySP4yrOF_0m5Ckx31Q/dfca-0.2.0.txt
Above link will work for 36 hours.
Also available as torrent at tracker2.postman.i2p
#fediBlock #technoFeudalism #dfca #i2pLife @aktivismoEstasMiaLuo
HAPPY TO ANNOUNCE someone has finally done it!
Finally a #firewall system that allows all(?) #linux users to not only block the likes of #Google, Amazon, #Cloudflare, Twitter-buyer, and more, but that also *tells you* with a slick notification when it does!
Overjoyed right now.
Install instructions (on I2P, change .su => .i2p):
http://upload.arav.su/f/qZ2RNrZeJcYS4QGj9svWCcfm6ySP4yrOF_0m5Ckx31Q/dfca-0.2.0.txt
Above link will work for 36 hours.
Also available as torrent at tracker2.postman.i2p
@schizanon@calckey.social I hear some grumblings about AMD #GPU support. #Intel seems to be the GPU most of these #emulator OSes mainly support. I hope I didn't make a mistake picking an #AMD box...
If so, I can return it. My router is a little overbuilt and it's an 11th gen i5 #NUC. I could get a more appropriate (for my now slower 1gig internet) #firewall box; maybe a dual core i3 or a celeron. Been needing to update my #pfSense install anyway. #homelab
🔥New version of 8G #Firewall (beta) now available: https://perishablepress.com/8g-firewall #security
Portmaster is a free and open-source application firewall that does the heavy lifting for you. Restore privacy and take back control over all your computer's network activity.
Available for Linux and Windows.
Source: https://github.com/safing/portmaster
NextDNS compatible: https://github.com/safing/portmaster/issues/291 #OpenSource #Privacy #Firewall #Software #Linux
Anonymous browsing: Brave browser integrates VPN and firewall service
Brave extends the availability of its integrated VPN and firewall service to the desktop version. Privacy is promised, but it comes at a price.
heise+ | Thin Firewall: Building a power-saving firewall from a thin client
The cheaply available thin clients have enough computing power for a simple DIY firewall. But how do you extend them with additional network ports?
@nlnetlabs @maarten Here you can see @maarten talking on top of a real #firewall.
Patch now! Thousands of Sophos firewalls vulnerable
Security researchers scanned the Internet for vulnerable Sophos firewalls and found them. Security patches have been available since December 2022.
#CVE20223236 #Firewall #Patches #Security #SecurityVulnerabilities #Sophos #Updates #hotfix
Bonus pro tip for site-to-site VPN admins: IPsec VPNs introduce an overhead of 62 bytes on every packet, reducing the MTU from 1500 to 1438. [Actual number varies.]
Mangle each TCP connection as it goes through the VPN by clamping the TCP MSS header value to 1398 (new MTU minus TCP overhead of 40 bytes).
It was impossible to do this on Cisco policy-based firewalls but on Mikrotik, where the firewall is essentially iptables, it's easy.
/ip firewall mangle
add action=change-mss chain=forward comment="Clamp TCP MSS for packets being encapsulated into IPsec VPN" \
dst-address=10.0.0.0/8 in-interface-list=LAN ipsec-policy=out,ipsec new-mss=1398 passthrough=yes protocol=tcp \
src-address=10.0.0.0/8 tcp-flags=syn tcp-mss=!1-1398
add action=change-mss chain=forward comment="Clamp TCP MSS for packets being decapsulated from IPsec VPN" \
dst-address=10.0.0.0/8 ipsec-policy=in,ipsec new-mss=1398 out-interface-list=LAN passthrough=yes protocol=tcp \
src-address=10.0.0.0/8 tcp-flags=syn tcp-mss=!1460-65535
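What the change-mss action above actually does to a packet, as an added example that is not part of the post and does not use RouterOS: a constructed IPv4/TCP SYN carrying an MSS option is rewritten the way the forward-chain rule would rewrite it, lowering the MSS only when it exceeds the new value (the post's tcp-mss=!1-1398 matcher) and fixing up the TCP checksum afterwards. The MTU and overhead figures (1500, 62, 40) are the post's own; the addresses, ports and sequence number are made up for the sample packet.

```python
"""MSS clamping as a packet rewrite (added example, not from the post above).

Assumptions not in the post: IPv4 without options, a SYN whose only TCP option is
the 4-byte MSS option, and a constructed (not captured) sample packet.
"""
import struct

LINK_MTU = 1500
IPSEC_OVERHEAD = 62      # per the post; the real figure varies with cipher and mode
IP_TCP_HEADERS = 40      # 20-byte IPv4 header + 20-byte TCP header
OPT_END, OPT_NOP, OPT_MSS = 0, 1, 2
PROTO_TCP = 6


def clamped_mss(link_mtu=LINK_MTU, tunnel_overhead=IPSEC_OVERHEAD):
    """Return (tunnel MTU, MSS to clamp to); (1438, 1398) for the post's numbers."""
    tunnel_mtu = link_mtu - tunnel_overhead
    return tunnel_mtu, tunnel_mtu - IP_TCP_HEADERS


def _ones_complement_checksum(data):
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_checksum(src_ip, dst_ip, segment):
    """TCP checksum over pseudo-header + segment (zero the field before computing)."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, PROTO_TCP, len(segment))
    return _ones_complement_checksum(pseudo + segment)


def build_syn(src_ip, dst_ip, sport, dport, mss):
    """Constructed IPv4 SYN with a 4-byte MSS option (sample input, not a capture)."""
    options = struct.pack("!BBH", OPT_MSS, 4, mss)
    data_offset = (20 + len(options)) // 4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0x12345678, 0,
                      data_offset << 4, 0x02, 65535, 0, 0) + options
    tcp = tcp[:16] + struct.pack("!H", tcp_checksum(src_ip, dst_ip, tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000,
                     64, PROTO_TCP, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", _ones_complement_checksum(ip)) + ip[12:]
    return ip + tcp


def _split(packet):
    ihl = (packet[0] & 0x0F) * 4
    return packet[:ihl], packet[12:16], packet[16:20], bytearray(packet[ihl:])


def _walk_options(tcp):
    """Yield (offset of option value, kind, length) for each TCP option present."""
    doff = min((tcp[12] >> 4) * 4, len(tcp))
    i = 20
    while i < doff:
        kind = tcp[i]
        if kind == OPT_END:
            return
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= doff or tcp[i + 1] < 2:
            return                            # malformed option: stop parsing
        yield i + 2, kind, tcp[i + 1]
        i += tcp[i + 1]


def mss_of(packet):
    """MSS option value of a TCP SYN, or None when absent, not TCP or not a SYN."""
    ip, _, _, tcp = _split(packet)
    if ip[9] != PROTO_TCP or not tcp[13] & 0x02:
        return None
    for off, kind, length in _walk_options(tcp):
        if kind == OPT_MSS and length == 4:
            return struct.unpack_from("!H", tcp, off)[0]
    return None


def clamp_mss(packet, new_mss):
    """Return (packet, changed): MSS lowered to new_mss only if it was larger."""
    ip, src_ip, dst_ip, tcp = _split(packet)
    current = mss_of(packet)
    if current is None or current <= new_mss:
        return packet, False                  # tcp-mss=!1-1398: small values untouched
    for off, kind, length in _walk_options(tcp):
        if kind == OPT_MSS and length == 4:
            struct.pack_into("!H", tcp, off, new_mss)
    tcp[16:18] = b"\x00\x00"                  # checksum covers the bytes we changed
    struct.pack_into("!H", tcp, 16, tcp_checksum(src_ip, dst_ip, bytes(tcp)))
    return ip + bytes(tcp), True


def tcp_checksum_ok(packet):
    """True when the TCP checksum verifies (sum over the whole segment is zero)."""
    _, src_ip, dst_ip, tcp = _split(packet)
    return tcp_checksum(src_ip, dst_ip, bytes(tcp)) == 0
```

The rewrite touches only the option value and the TCP checksum; the IP header is unchanged because the packet length does not change, which is why clamping is cheap enough to do on every SYN crossing the tunnel.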
My blog is not dead! Read about mysterious traffic flows to #NextDNS blocked domains with my @FirewallaLLC #firewall and how I fixed the problem. https://www.derekseaman.com/2022/12/mysterious-odd-traffic-flows-with-nextdns-firewalla-firewall.html
Here are the CLI commands to check for the file artifacts on a #fortigate to determine if your system was affected by the vulnerability in CVE-2022-42475:
fnsysctl ls /data/lib
fnsysctl ls /data/var
These were not documented in the PSIRT. You can run them directly on the fortigate, script them through a #fortimanager or through the cloud management console.
#infosec #netsec #firewall #fortinet
Which Firewall or Network security appliance do you use in your HomeLab or at work?
@zoesqwilliams We have had #firewall #apps on our #phones for years. They are simple and effective. They will stop unwanted traffic both in & outbound.
Here are two we use:
For everyone: https://f-droid.org/en/packages/eu.faircode.netguard/
For those with a rooted #mobile - https://f-droid.org/en/packages/dev.ukanth.ufirewall/
F-Droid is a Free and Open Source Software (FOSS) #Android repository.
@selea maybe this is a stupid question from a newbie #mastoadmin running a single user instance, but how does a domain suspension work? And how does one set it up?
I’ve done ip blocks on a #firewall level in the past, but this is a new concept to me.