What Firewall should I set up for my Dad's Fiber to the Property?

  • Published on 16 Oct 2024
  • #FreeBSD #OpenSource #Unix #garyhtech #2023 reasons to use freebsd
    There are a lot of firewall/router choices out there, which one will I pick for a Fiber to the Property install for my Dad?
    Hint: www.pfsense.org/
    Don't forget to check out my Discord server where you can talk open source operating systems and software
    / discord
    FOSS
    FreeBSD Handbook
    FreeBSD Networking
    FreeBSD PKG
    FreeBSD ports tree

Comments • 10

  • @fdg394 7 months ago +7

    I would highly encourage you to NOT forward all those ports directly to your LAN... much better if you would segment your LAN into multiple VLANs (specifically to create something like WAN, DMZ, LAN etc), put your servers into the DMZ and port forward from WAN to DMZ. The security model would be something like 0-50-100 (where 0 is 'zero' security and 100 is maximum security) which would be your WAN-DMZ-LAN; firewall rules should reflect that only interfaces with the highest security number can go towards the lower security one (while, of course, nothing from a lower security interface can traverse towards the higher security one apart from the traffic related to the port forward from WAN to DMZ). Having a port forward from WAN to LAN completely defeats the firewall function...

  • @antonio.taverna 7 months ago

    pfSense, OPNsense, MikroTik. All valid for the indicated purposes. Maybe MikroTik has a higher curve of apprenticeship

  • @Felix-ve9hs 7 months ago

    -12:45-- You give me the creeps here, why would you completely open up your LAN network to the Internet? 💀-
    This Rule actually doesn't do anything, my bad

    • @martinvandenbroek2532 7 months ago

      Because he makes sure that all his applications and services are up to date with the relevant security patches etc. He probably also makes sure that transmission of sensitive information is encrypted end-to-end. Keep in mind that a packet filter, a.k.a. firewall, doesn't add that much security. True added value with regard to security is done on OSI layers 5 and up.

    • @Felix-ve9hs 7 months ago

      @martinvandenbroek2532 If a packet filter (the "pf" in "pfSense" literally stands for "packet filter") isn't adding security, then why is he even bothering with using pfSense and not just bridging his LAN to the internet?

    • @georgec2932 7 months ago

      Not sure what he is doing here and he didn't explain why he added that rule. I don't think the rule makes any sense as it's on the WAN interface but the source is down as LAN subnets. He's not opened up his WAN interface to the whole internet as only IPs from his local subnet can connect to it, but I don't think the rule adds any value (how/why would an internal IP be connecting via the WAN interface)? Assume he's got confused as the rule should be on the LAN interface to allow IPv6 clients to communicate out of the LAN to the WAN, but it's already there by default in pfSense on the LAN interface and you can see it slightly further on in the video...
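
The 0-50-100 zone model from @fdg394's comment and @georgec2932's point about a WAN rule with a LAN source, sketched as an added example that is not from the video or from any commenter. The subnets, hosts and ports are constructed sample values, and the checks are a simplified model of per-interface inbound filtering, not pfSense's own logic.

```python
import ipaddress

# Constructed model of the 0-50-100 scheme; subnets, hosts and ports are
# made-up sample values, not taken from the video.
LEVEL = {"WAN": 0, "DMZ": 50, "LAN": 100}
NETS = {"DMZ": ipaddress.ip_network("192.168.50.0/24"),
        "LAN": ipaddress.ip_network("192.168.100.0/24")}


def zone_of(ip):
    """Map an address to its zone; anything not on a local subnet is WAN."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in NETS.items() if addr in net), "WAN")


def allowed(src_ip, dst_ip, proto, port, forwards):
    """Decide whether a NEW connection may cross the firewall."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if LEVEL[src] > LEVEL[dst]:      # higher level may reach a lower level
        return True
    if src == dst:                   # same segment, never crosses the firewall
        return True
    # The only lower-to-higher exception: an explicit WAN -> DMZ port forward.
    return src == "WAN" and dst == "DMZ" and (dst_ip, proto, port) in forwards


def risky_forwards(forwards):
    """Port forwards whose target is not in the DMZ (e.g. straight into LAN)."""
    return [f for f in forwards if zone_of(f[0]) != "DMZ"]


def dead_rules(rules):
    """Interface rules filter traffic ENTERING that interface, so a rule whose
    source is another zone's local subnet (WAN rule, source LAN) cannot match
    legitimate traffic. rules: list of (interface, source_cidr)."""
    dead = []
    for iface, src in rules:
        net = ipaddress.ip_network(src)
        owner = next((z for z, n in NETS.items() if net.subnet_of(n)), None)
        if owner is not None and owner != iface:
            dead.append((iface, src))
    return dead


if __name__ == "__main__":
    fw = {("192.168.50.10", "tcp", 443), ("192.168.100.20", "tcp", 22)}
    print("forwards to review:", risky_forwards(fw))
    print("rules that never match:",
          dead_rules([("WAN", "192.168.100.0/24"), ("LAN", "192.168.100.0/24")]))
```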