Turning on #IPFire (a hardened firewall distro) has made me paranoid. The intrusion detection system alerts on all the things now.

I cranked down the firewall in the DMZ to only allow the bare minimum outbound connectivity. I wrote k8s network policies so each pod is firewalled so it can only access the services it requires, and vice-versa, so if somebody can execute code remotely, they’re still stuck in a small sandbox isolated from the rest of the environment. None of the k8s environment is accessible from outside; all traffic must pass through haproxy. None of the devices on the WLAN can access the DMZ.

Hopefully I’ve made hard enough to get anywhere that the bad guys will just look for easier targets.

IPFire 2.27 – Core Update 182 freigegeben

https://linuxnews.de/ipfire-2-27-core-update-182-freigegeben/ #IPFire #Firewall

IPFire 2.27 - Core Update 182 freigegeben

Vor einem Monat erklärte Michael Tremer, Hauptentwickler der Open-Source-Firewall-Distribution IPFire, das Core Update 182 als bereit zum Testen. Jetzt wurde die Testversion als stabil erklärt.

Meine Gedanken von #IPFire zu #OPNsense zu wechseln werden langsam konkreter. Aktuell bin ich für mein privates Netzwerk (15-20 unterschiedlicher Geräte) auf der Suche nach einer zukunftssicheren Hardware (mind. 3x LAN) die auch nicht viel Strom verbraucht. Ein Monitor muss auch angeschlossen werden können.
Meine Recherche heben jetzt folgende zwei Geräte ergeben:
https://www.ipu-system.de/produkte/ipu662.html
oder
https://www.ipu-system.de/produkte/ipu654.html

• Was haltet ihr von dieser Hardware als OPNSense Gerät?
• Habt ihr alternative Vorschläge?
• Was verwendet ihr?

#FragDieFediverse #Followerpower #Firewall

"Although we always preach #IPFire is not meant to be installed and then forgotten, we believe this is what happens to a decent amount of installations out there" https://blog.ipfire.org/post/introducing-elementary-network-protection-dropping-all-traffic-from-and-to-hostile-networks-by-default #gnu #linux

Links 20/2/2022: #IPFire Test Release and #PeaZip 8.5.0 • Techrights ⚓ http://techrights.org/2022/02/20/peazip-8-5-0/ ䷉ #Techrights #GNU #Linux | ♾ Gemini address: gemini://gemini.techrights.org/2022/02/20/peazip-8-5-0/

Links 20/2/2022: IPFire Test Release and PeaZip 8.5.0

Links for the day

#IPFire 2.27 - Core Update 164 is available for testing • Tux Machines ⇨ http://www.tuxmachines.org/node/161672 #GNU #Linux #TuxMachines

#IPFire 2.27 - Core Update 163 released • Tux Machines ⇨ http://www.tuxmachines.org/node/161236 #GNU #Linux #TuxMachines #Security

#IPFire 2.27 - Core Update 163 is available for testing • Tux Machines ⇨ http://www.tuxmachines.org/node/160877 #GNU #Linux #TuxMachines

Links 21/12/2021: #EasyOS 3.1.17 and #IPFire 2.27 - Core Update 162 • Techrights ⚓ http://techrights.org/2021/12/21/easyos-3-1-17/ ䷉ #Techrights #GNU #Linux #FreeSW | ♾ Gemini address: gemini://gemini.techrights.org/2021/12/21/easyos-3-1-17/

Links 21/12/2021: EasyOS 3.1.17 and IPFire 2.27 - Core Update 162

Links for the day

#IPFire Linux Firewall Distro Is Now Powered by Linux Kernel 5.15 LTS • Tux Machines ⇨ http://www.tuxmachines.org/node/159377 #GNU #Linux #TuxMachines

#IPFire 2.27 - Core Update 162 released • Tux Machines ⇨ http://www.tuxmachines.org/node/159375 #GNU #Linux #TuxMachines

No Java, No Cry - #IPFire is NOT vulnerable to CVE-2021-44228 https://blog.ipfire.org/post/no-java-no-cry-ipfire-is-not-vulnerable-to-cve-2021-44228 #gnu #linux

New #IPFire version improves performance and includes exFAT support http://www.tuxmachines.org/node/158728#comment-32058

#IPFire 2.27 - Core Update 162 is available for testing • Tux Machines ⇨ http://www.tuxmachines.org/node/158728 #GNU #Linux #TuxMachines

#IPFire Linux Firewall Now Boosts Intrusion Prevention System’s Performance • Tux Machines ⇨ http://www.tuxmachines.org/node/158438 #GNU #Linux #TuxMachines

#IPFire 2.27 - Core Update 161 released • Tux Machines ⇨ http://www.tuxmachines.org/node/158420 #GNU #Linux #TuxMachines

IPFire 2.27 - Core Update 161 available for testing ⚓ https://blog.ipfire.org/post/ipfire-2-27-core-update-161-available-for-testing ䷉ #ipfire #gnu #linux #security

Feature Spotlight: Weaponising IPFire Location to proactively detect Fast Flux setups ⚓ https://blog.ipfire.org/post/feature-spotlight-weaponising-ipfire-location-to-proactively-detect-fast-flux-setups ䷉ #ipfire | more in http://schestowitz.com/2021/10/16/#latest

Links 5/10/2021: #IPFire 2.27 - Core Update 160, Xubuntu 21.10 Beta Walkthrough • 𝕋𝕖𝕔𝕙𝕣𝕚𝕘𝕙𝕥𝕤 ⚓ http://techrights.org/2021/10/05/ipfire-2-27/ ䷉ #Techrights #GNU #Linux #FreeSW | ♾ Gemini address: gemini://gemini.techrights.org/2021/10/05/ipfire-2-27/

Links 5/10/2021: IPFire 2.27 - Core Update 160, Xubuntu 21.10 Beta Walkthrough

Links for the day

#IPFire 2.27 - Core Update 160 released • 𝖳𝗎𝗑 𝖬𝖺𝖼𝗁𝗂𝗇𝖾𝗌 ⇨ http://www.tuxmachines.org/node/156445 #GNU #Linux #TuxMachines