I recently switched from #ipfire to #pfsense, partially for the latter’s support for #IPv6. I’ve been using IPv6 for years, but there’s still more to learn. Here’s a nice primer:

https://gist.github.com/timothyham/dd003dbad5614b425a8325ec820fd785

A Short IPv6 Guide for Home IPv4 Admins

A Short IPv6 Guide for Home IPv4 Admins. GitHub Gist: instantly share code, notes, and snippets.

Setting up #OpenVPN on #pfSense was very easy. There’s a wizard that does most of the heavy lifting for you (PKI, firewall rules, client profiles) and unlike #ipfire it actually works.

I wish that the #wireguard configuration was as easy; I’ve never gotten it to work on any platform. Regardless, I now have good VPN connectivity to the LAN.

I switched my router from #ipfire to #pfsense. The support of IPv6 was enough, but it just seems like a better product overall. It took about an hour to convert everything (sorry for the downtime), but it’s up and running seems great.

Turning on #IPFire (a hardened firewall distro) has made me paranoid. The intrusion detection system alerts on all the things now.

I cranked down the firewall in the DMZ to only allow the bare minimum outbound connectivity. I wrote k8s network policies so each pod is firewalled so it can only access the services it requires, and vice-versa, so if somebody can execute code remotely, they’re still stuck in a small sandbox isolated from the rest of the environment. None of the k8s environment is accessible from outside; all traffic must pass through haproxy. None of the devices on the WLAN can access the DMZ.

Hopefully I’ve made hard enough to get anywhere that the bad guys will just look for easier targets.

IPFire 2.27 – Core Update 182 freigegeben

https://linuxnews.de/ipfire-2-27-core-update-182-freigegeben/ #IPFire #Firewall

IPFire 2.27 - Core Update 182 freigegeben

Vor einem Monat erklärte Michael Tremer, Hauptentwickler der Open-Source-Firewall-Distribution IPFire, das Core Update 182 als bereit zum Testen. Jetzt wurde die Testversion als stabil erklärt.

Meine Gedanken von #IPFire zu #OPNsense zu wechseln werden langsam konkreter. Aktuell bin ich für mein privates Netzwerk (15-20 unterschiedlicher Geräte) auf der Suche nach einer zukunftssicheren Hardware (mind. 3x LAN) die auch nicht viel Strom verbraucht. Ein Monitor muss auch angeschlossen werden können.
Meine Recherche heben jetzt folgende zwei Geräte ergeben:
https://www.ipu-system.de/produkte/ipu662.html
oder
https://www.ipu-system.de/produkte/ipu654.html

• Was haltet ihr von dieser Hardware als OPNSense Gerät?
• Habt ihr alternative Vorschläge?
• Was verwendet ihr?

#FragDieFediverse #Followerpower #Firewall

"Although we always preach #IPFire is not meant to be installed and then forgotten, we believe this is what happens to a decent amount of installations out there" https://blog.ipfire.org/post/introducing-elementary-network-protection-dropping-all-traffic-from-and-to-hostile-networks-by-default #gnu #linux

Links 20/2/2022: #IPFire Test Release and #PeaZip 8.5.0 • Techrights ⚓ http://techrights.org/2022/02/20/peazip-8-5-0/ ䷉ #Techrights #GNU #Linux | ♾ Gemini address: gemini://gemini.techrights.org/2022/02/20/peazip-8-5-0/

Links 20/2/2022: IPFire Test Release and PeaZip 8.5.0

Links for the day

#IPFire 2.27 - Core Update 164 is available for testing • Tux Machines ⇨ http://www.tuxmachines.org/node/161672 #GNU #Linux #TuxMachines

#IPFire 2.27 - Core Update 163 released • Tux Machines ⇨ http://www.tuxmachines.org/node/161236 #GNU #Linux #TuxMachines #Security

#IPFire 2.27 - Core Update 163 is available for testing • Tux Machines ⇨ http://www.tuxmachines.org/node/160877 #GNU #Linux #TuxMachines

Links 21/12/2021: #EasyOS 3.1.17 and #IPFire 2.27 - Core Update 162 • Techrights ⚓ http://techrights.org/2021/12/21/easyos-3-1-17/ ䷉ #Techrights #GNU #Linux #FreeSW | ♾ Gemini address: gemini://gemini.techrights.org/2021/12/21/easyos-3-1-17/

Links 21/12/2021: EasyOS 3.1.17 and IPFire 2.27 - Core Update 162

Links for the day

#IPFire Linux Firewall Distro Is Now Powered by Linux Kernel 5.15 LTS • Tux Machines ⇨ http://www.tuxmachines.org/node/159377 #GNU #Linux #TuxMachines

#IPFire 2.27 - Core Update 162 released • Tux Machines ⇨ http://www.tuxmachines.org/node/159375 #GNU #Linux #TuxMachines

No Java, No Cry - #IPFire is NOT vulnerable to CVE-2021-44228 https://blog.ipfire.org/post/no-java-no-cry-ipfire-is-not-vulnerable-to-cve-2021-44228 #gnu #linux

New #IPFire version improves performance and includes exFAT support http://www.tuxmachines.org/node/158728#comment-32058

#IPFire 2.27 - Core Update 162 is available for testing • Tux Machines ⇨ http://www.tuxmachines.org/node/158728 #GNU #Linux #TuxMachines

#IPFire Linux Firewall Now Boosts Intrusion Prevention System’s Performance • Tux Machines ⇨ http://www.tuxmachines.org/node/158438 #GNU #Linux #TuxMachines

#IPFire 2.27 - Core Update 161 released • Tux Machines ⇨ http://www.tuxmachines.org/node/158420 #GNU #Linux #TuxMachines

IPFire 2.27 - Core Update 161 available for testing ⚓ https://blog.ipfire.org/post/ipfire-2-27-core-update-161-available-for-testing ䷉ #ipfire #gnu #linux #security