#firewall — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #firewall, aggregated by home.social.
-
Update for IPFire: Faster VPN thanks to OpenVPN 2.7
With OpenVPN 2.7 and Data Channel Offloading, VPN throughput in IPFire increases to up to 10 GBit/s. The update also closes critical kernel vulnerabilities.
-
Update for IPFire: Faster VPN thanks to OpenVPN 2.7
With OpenVPN 2.7 and Data Channel Offloading, VPN throughput in IPFire increases to up to 10 GBit/s. The update also closes critical kernel vulnerabilities.
-
Update for IPFire: Faster VPN thanks to OpenVPN 2.7
With OpenVPN 2.7 and Data Channel Offloading, VPN throughput in IPFire increases to up to 10 GBit/s. The update also closes critical kernel vulnerabilities.
-
Update for IPFire: Faster VPN thanks to OpenVPN 2.7
With OpenVPN 2.7 and Data Channel Offloading, VPN throughput in IPFire increases to up to 10 GBit/s. The update also closes critical kernel vulnerabilities.
-
Update for IPFire: Faster VPN thanks to OpenVPN 2.7
With OpenVPN 2.7 and Data Channel Offloading, VPN throughput in IPFire increases to up to 10 GBit/s. The update also closes critical kernel vulnerabilities.
-
Update für IPFire: Schnelleres VPN dank OpenVPN 2.7
Mit OpenVPN 2.7 und Data Channel Offloading steigt der VPN-Durchsatz in IPFire auf bis zu 10 GBit/s. Dazu schließt das Update kritische Kernel-Lücken.
-
Update für IPFire: Schnelleres VPN dank OpenVPN 2.7
Mit OpenVPN 2.7 und Data Channel Offloading steigt der VPN-Durchsatz in IPFire auf bis zu 10 GBit/s. Dazu schließt das Update kritische Kernel-Lücken.
-
Update für IPFire: Schnelleres VPN dank OpenVPN 2.7
Mit OpenVPN 2.7 und Data Channel Offloading steigt der VPN-Durchsatz in IPFire auf bis zu 10 GBit/s. Dazu schließt das Update kritische Kernel-Lücken.
-
Update für IPFire: Schnelleres VPN dank OpenVPN 2.7
Mit OpenVPN 2.7 und Data Channel Offloading steigt der VPN-Durchsatz in IPFire auf bis zu 10 GBit/s. Dazu schließt das Update kritische Kernel-Lücken.
-
Update für IPFire: Schnelleres VPN dank OpenVPN 2.7
Mit OpenVPN 2.7 und Data Channel Offloading steigt der VPN-Durchsatz in IPFire auf bis zu 10 GBit/s. Dazu schließt das Update kritische Kernel-Lücken.
-
How to Configure Additional #Firewall Rules on Rocky Linux VPS (5 Minute Guide)
This article provides a guide for how to configure additional firewall rules on Rocky Linux VPS for improved #security of your system.
How to Configure Additional Firewall Rules on Rocky Linux VPS
This tutorial will guide you through the process of configuring additional firewall rules on a Rocky Linux VPS using ...
Continued 👉 https://blog.radwebhosting.com/how-to-configure-additional-firewall-rules-on-rocky-linux-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #sshcommands #rockylinux #serverhardening #vpsguide -
How to Configure Additional #Firewall Rules on Rocky Linux VPS (5 Minute Guide)
This article provides a guide for how to configure additional firewall rules on Rocky Linux VPS for improved #security of your system.
How to Configure Additional Firewall Rules on Rocky Linux VPS
This tutorial will guide you through the process of configuring additional firewall rules on a Rocky Linux VPS using ...
Continued 👉 https://blog.radwebhosting.com/how-to-configure-additional-firewall-rules-on-rocky-linux-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #sshcommands #rockylinux #serverhardening #vpsguide -
How to Configure Additional #Firewall Rules on Rocky Linux VPS (5 Minute Guide)
This article provides a guide for how to configure additional firewall rules on Rocky Linux VPS for improved #security of your system.
How to Configure Additional Firewall Rules on Rocky Linux VPS
This tutorial will guide you through the process of configuring additional firewall rules on a Rocky Linux VPS using ...
Continued 👉 https://blog.radwebhosting.com/how-to-configure-additional-firewall-rules-on-rocky-linux-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #sshcommands #rockylinux #serverhardening #vpsguide -
How to Configure Additional #Firewall Rules on Rocky Linux VPS (5 Minute Guide)
This article provides a guide for how to configure additional firewall rules on Rocky Linux VPS for improved #security of your system.
How to Configure Additional Firewall Rules on Rocky Linux VPS
This tutorial will guide you through the process of configuring additional firewall rules on a Rocky Linux VPS using ...
Continued 👉 https://blog.radwebhosting.com/how-to-configure-additional-firewall-rules-on-rocky-linux-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social #sshcommands #rockylinux #serverhardening #vpsguide -
Wieder Zero-Day Angriffe gegen Palo Alto Firewall
Und täglich grüßt das Murmeltier. Wieder ein amerikanischer Hersteller von proprietärer Netzwerktechnik, dessen Zero-Day "Sicherheitslücke" (Hintertür) von wahrscheinlich staatlich unterstützten Hackern angegriffen wird. Der Netzwerk-Ausrüster Palo Alto ist und ja schon öfter begegnet. Die CISA hat die Lücke CVE-2026-0300 bereits in den KEV Katalog aufgenommen. Normalerweise bedeutet das eine Anweisung an die Behörden, Updates gegen die betreffende Lücke innerhalb kürzester Frist einzuspielen. Nur dass im vorliegenden
#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #firewall #foss #hersteller #hintertr #opensource #router #sicherheit #spionage #UnplugTrump #usa #vorbeugen
-
El test de buffer bloat da super bien, categoria A, lo que dice que la latencia no aumenta tanto bajo demanda. El pfSense rutea bien y mantiene la QoS razonablemente bien, ademas pasamos todas las listas de bloqueo a Quick Tables flotantes que con el doble de cache en el CPU se nota #undernet #pfsense #firewall #seguridad #mejoras #mantenimiento
-
El test de buffer bloat da super bien, categoria A, lo que dice que la latencia no aumenta tanto bajo demanda. El pfSense rutea bien y mantiene la QoS razonablemente bien, ademas pasamos todas las listas de bloqueo a Quick Tables flotantes que con el doble de cache en el CPU se nota #undernet #pfsense #firewall #seguridad #mejoras #mantenimiento
-
El test de buffer bloat da super bien, categoria A, lo que dice que la latencia no aumenta tanto bajo demanda. El pfSense rutea bien y mantiene la QoS razonablemente bien, ademas pasamos todas las listas de bloqueo a Quick Tables flotantes que con el doble de cache en el CPU se nota #undernet #pfsense #firewall #seguridad #mejoras #mantenimiento
-
El test de buffer bloat da super bien, categoria A, lo que dice que la latencia no aumenta tanto bajo demanda. El pfSense rutea bien y mantiene la QoS razonablemente bien, ademas pasamos todas las listas de bloqueo a Quick Tables flotantes que con el doble de cache en el CPU se nota #undernet #pfsense #firewall #seguridad #mejoras #mantenimiento
-
El test de buffer bloat da super bien, categoria A, lo que dice que la latencia no aumenta tanto bajo demanda. El pfSense rutea bien y mantiene la QoS razonablemente bien, ademas pasamos todas las listas de bloqueo a Quick Tables flotantes que con el doble de cache en el CPU se nota #undernet #pfsense #firewall #seguridad #mejoras #mantenimiento
-
Hoy el servidor me bloqueó la IP mientras estaba en Rocha. El firewall quedó muy filoso y estoy tuneando de a poco las reglas y filtros que son un poco excesivos. Si alguien experimentó bloqueos y me quiere comentar, le agradezco. #undernet #seguridad #firewall #pfsense
-
Hoy el servidor me bloqueó la IP mientras estaba en Rocha. El firewall quedó muy filoso y estoy tuneando de a poco las reglas y filtros que son un poco excesivos. Si alguien experimentó bloqueos y me quiere comentar, le agradezco. #undernet #seguridad #firewall #pfsense
-
Hoy el servidor me bloqueó la IP mientras estaba en Rocha. El firewall quedó muy filoso y estoy tuneando de a poco las reglas y filtros que son un poco excesivos. Si alguien experimentó bloqueos y me quiere comentar, le agradezco. #undernet #seguridad #firewall #pfsense
-
Hoy el servidor me bloqueó la IP mientras estaba en Rocha. El firewall quedó muy filoso y estoy tuneando de a poco las reglas y filtros que son un poco excesivos. Si alguien experimentó bloqueos y me quiere comentar, le agradezco. #undernet #seguridad #firewall #pfsense
-
Hoy el servidor me bloqueó la IP mientras estaba en Rocha. El firewall quedó muy filoso y estoy tuneando de a poco las reglas y filtros que son un poco excesivos. Si alguien experimentó bloqueos y me quiere comentar, le agradezco. #undernet #seguridad #firewall #pfsense
-
Wieder Zero-Day Angriffe gegen Palo Alto Firewall
Und täglich grüßt das Murmeltier. Wieder ein amerikanischer Hersteller von proprietärer Netzwerktechnik, dessen Zero-Day "Sicherheitslücke" (Hintertür) von wahrscheinlich staatlich unterstützten Hackern angegriffen wird. Der Netzwerk-Ausrüster Palo Alto ist und ja schon öfter begegnet. Die CISA hat die Lücke CVE-2026-0300 bereits in den KEV Katalog aufgenommen. Normalerweise bedeutet das eine Anweisung an die Behörden, Updates gegen die betreffende Lücke innerhalb kürzester Frist einzuspielen. Nur dass im vorliegenden
#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #firewall #foss #hersteller #hintertr #opensource #router #sicherheit #spionage #UnplugTrump #usa #vorbeugen
-
Wieder Zero-Day Angriffe gegen Palo Alto Firewall
Und täglich grüßt das Murmeltier. Wieder ein amerikanischer Hersteller von proprietärer Netzwerktechnik, dessen Zero-Day "Sicherheitslücke" (Hintertür) von wahrscheinlich staatlich unterstützten Hackern angegriffen wird. Der Netzwerk-Ausrüster Palo Alto ist und ja schon öfter begegnet. Die CISA hat die Lücke CVE-2026-0300 bereits in den KEV Katalog aufgenommen. Normalerweise bedeutet das eine Anweisung an die Behörden, Updates gegen die betreffende Lücke innerhalb kürzester Frist einzuspielen. Nur dass im vorliegenden
#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #firewall #foss #hersteller #hintertr #opensource #router #sicherheit #spionage #UnplugTrump #usa #vorbeugen
-
Wieder Zero-Day Angriffe gegen Palo Alto Firewall
Und täglich grüßt das Murmeltier. Wieder ein amerikanischer Hersteller von proprietärer Netzwerktechnik, dessen Zero-Day "Sicherheitslücke" (Hintertür) von wahrscheinlich staatlich unterstützten Hackern angegriffen wird. Der Netzwerk-Ausrüster Palo Alto ist und ja schon öfter begegnet. Die CISA hat die Lücke CVE-2026-0300 bereits in den KEV Katalog aufgenommen. Normalerweise bedeutet das eine Anweisung an die Behörden, Updates gegen die betreffende Lücke innerhalb kürzester Frist einzuspielen. Nur dass im vorliegenden
#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #firewall #foss #hersteller #hintertr #opensource #router #sicherheit #spionage #UnplugTrump #usa #vorbeugen
-
Wieder Zero-Day Angriffe gegen Palo Alto Firewall
Und täglich grüßt das Murmeltier. Wieder ein amerikanischer Hersteller von proprietärer Netzwerktechnik, dessen Zero-Day "Sicherheitslücke" (Hintertür) von wahrscheinlich staatlich unterstützten Hackern angegriffen wird. Der Netzwerk-Ausrüster Palo Alto ist und ja schon öfter begegnet. Die CISA hat die Lücke CVE-2026-0300 bereits in den KEV Katalog aufgenommen. Normalerweise bedeutet das eine Anweisung an die Behörden, Updates gegen die betreffende Lücke innerhalb kürzester Frist einzuspielen. Nur dass im vorliegenden
#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #exploits #firewall #foss #hersteller #hintertr #opensource #router #sicherheit #spionage #UnplugTrump #usa #vorbeugen
-
Rygel est un serveur UPnP facile à déployer. MAIS, quand on veut l'utiliser dans Ubuntu 24, à cause d'apparmor, ça ne marche pas vraiment. https://gnome.pages.gitlab.gnome.org/rygel/faq.html#i-am-on-ubuntu-and-rygel-reports-access-denied-for-folders-that-used-to-work-previously #upnp #server #software #astuce #sécurité #firewall #configuration
-
Rygel est un serveur UPnP facile à déployer. MAIS, quand on veut l'utiliser dans Ubuntu 24, à cause d'apparmor, ça ne marche pas vraiment. https://gnome.pages.gitlab.gnome.org/rygel/faq.html#i-am-on-ubuntu-and-rygel-reports-access-denied-for-folders-that-used-to-work-previously #upnp #server #software #astuce #sécurité #firewall #configuration
-
Rygel est un serveur UPnP facile à déployer. MAIS, quand on veut l'utiliser dans Ubuntu 24, à cause d'apparmor, ça ne marche pas vraiment. https://gnome.pages.gitlab.gnome.org/rygel/faq.html#i-am-on-ubuntu-and-rygel-reports-access-denied-for-folders-that-used-to-work-previously #upnp #server #software #astuce #sécurité #firewall #configuration
-
Rygel est un serveur UPnP facile à déployer. MAIS, quand on veut l'utiliser dans Ubuntu 24, à cause d'apparmor, ça ne marche pas vraiment. https://gnome.pages.gitlab.gnome.org/rygel/faq.html#i-am-on-ubuntu-and-rygel-reports-access-denied-for-folders-that-used-to-work-previously #upnp #server #software #astuce #sécurité #firewall #configuration
-
#checkpoint basically says whoever is developing #public #internet facing software needs #AI to find #exploits before others find them (any program that exchanges messages)
#firewall #virusscanner #endpointprotection good but not enoughhttps://blog.checkpoint.com/artificial-intelligence/claude-mythos-wake-up-call-what-ai-vulnerability-discovery-means-for-cyber-defense/ #cyber #cybersecurity
-
R82 fresh install, migrate_server import, policy installed.
It’s always more nerve wracking at home with limited resources and no TAC support to back you up than in a production environment.
If you know, you know.
-
Mastering Linux Firewalls: A Deep Dive into Netfilter and iptables
In this article, I cover how iptables works, its architecture, and practical firewall configuration techniques.
https://denizhalil.com/2025/12/31/netfilter-iptables-firewall-configuration-guide/#CyberSecurity #LinuxSecurity #iptables #Netfilter #NetworkSecurity #Firewall #InfoSec #BlueTeam #DevSecOps #securityengineering #ITSecurity #denizhalil
-
IPFire in the cloud? Yes.
It’s available as an AMI on AWS, giving you full control with none of the complexity of native cloud firewalls.
#CloudSecurity #OpenSource #AWS #Firewall https://www.ipfire.org/downloads/cloud -
Enterprises need flexibility, not lock-in.
IPFire offers an open-source firewall platform that works across environments — including AWS.
#CloudSecurity #Firewall #OpenSource #AWS https://www.ipfire.org/downloads/cloud -
Обзор аппаратного файервола Zyxel USG Flex 100AX
За последние 20 лет интернет сильно изменился. Сейчас уже не встретить вырвиглазного Flash-баннера с мигающей надписью «Click me!» и примитивного трояна по ту сторону гиперссылки. Почти все современные сайты де-факто используют TLS и этим защищают пользователя от перехвата чувствительных данных. Всё больше законодательных инициатив направлено на то, чтобы сделать интернет безопаснее. Вот только интернет по-прежнему остаётся достаточно опасным местом для тех, кто пренебрегает основами сетевой безопасности. И если домашнему пользователю порой достаточно установить какой-либо программный комплекс антивирусной и сетевой защиты, то в рамках даже небольшого бизнеса возникает необходимость в более серьёзной защите. Сегодня у нас на обзоре аппаратный файервол Zyxel USG Flex 100AX, являющийся продолжателем славных традиций линейки ZyWALL и предназначенный для работы в небольших офисных сетях. Традиционно, в нашем блоге на Хабре, мы развинтим эту железку и посмотрим на неё изнутри, чтобы вам этого делать не пришлось. Наливайте себе кружечку крепкого чая и добро пожаловать под кат.
-
Using a Raspberry Pi 2 Model B as a router/firewall for the home LAN
Since 1999 I have been using a 1996 vintage DEC PII desktop as the router/firewall between the internet and my home network. The DEC computer came to me with Win95 (or possibly Win98) in 1998, got SuSE linux and started its mission as router and firewall (and CUPS server, and IMAP server, and various other server stuff). When upgrading the SuSE installation to a newer version went south, it spent a while running ThomasEz’s floppyfw, until I used a floppy net install to install debian potato, immediately switched it to debian testing, until debian woody arrived, when it was moved to debian stable, and then I just kept running “apt-get dist-upgrade” until I finally had it running debian 8 “jessie” on june 6 in 2015.
The old DEC desktop has survived its maker company, survived lightning strikes that have sent the power supplies and/or main boards of other computers on the same LAN into continously beeping mode (i.e. broken). However, in December 2015 it started acting up, and crashing with irregular intervals (sometimes two weeks, sometimes one day).
So… the time for a replacement would have to be not too far ahead. The question was what to replace it with?
The simplest solution would be to just get a wireless router with a cabled switch. But that would mean:
- No possibilities for SSH or mosh into the home LAN
- No ntop
- No support for netboot and TFTP in the home LAN
- Limited, cumbersome and inflexible firewall setup
My requirements were:
- Cheap
- Two wired NICs
- The ability to run debian
- Preferrably fanless
- Compact
ThomasEz immediately suggested using a raspberry pi with two NICs, but I thought that would be too puny, and I investigated alternatives like Shuttle Barebone DS57U but I found that the raspberry pi alternative was so cheap, I might as well order one.
And then it turned out to be so simple to set up so I had it up and running before I really had decided on anything, so now the r-pi is what I have.
This is what I ordered:
- Raspberry Pi 2 Model B Starter Kit
- TP-Link UE300 USB 3.0 to GbE Adapter (it was listed as being supported out of the box on raspberry pi)
Here’s what I did:
- Downloaded the Raspbian Jessie Lite image to a debian jessie computer and unpacked it into the /tmp directory
- Plugged an USB SD card reader into the debian computer, and followed the instructions in Installing operating system images on Linux
- I plugged the cheapest USB keyboard I could get from my local teknikmagasinet store into one of the USB port, yanked the HDMI cable from the DVD player and plugged the r-pi into the TV, plugged a network cable into the local LAN, and plugged in the power… and the raspberry pi booted quickly into the familiar debian login
- I logged in with the built-in “pi” user with password “raspberry”, and created my own user with the following command line command:
adduser sb
the changed the password of the root user and removed the pi user
- I copied in a public ssh keys from my other computers, and put them into the ~/.ssh/authorized_keys file and then opened /etc/ssh/sshd_conf in a text editor and modified it in the following way:
- Disabled root login by changing
PermitRootLogin without-password
to
PermitRootLogin no
- Disabled password login by changing
#PasswordAuthentication yes
to
PasswordAuthentication no
(removed the comment and changed “yes” to “no”)
- Disabled root login by changing
- Edited /etc/hostname to change the name from the default “raspberrypi” to “ocon”
- Rebooted the pi to check the startup state of the ssh daemon and ssh’d in
- Resized the disk to fill the entire SD card:
- Typed the command
raspi-config
- Selected
1 Expand Filesystem Ensures that all of the SD card storage is available to the OS
and got the response
Root partition has been resized.The filesystem will be enlarged upon the next reboot
- Rebooted the system to get the full 16GB in the file system
- Typed the command
- Updated the system by giving the following command line commands:
apt-get updateapt-get dist-upgrade
(the “update” command updates the local package database against the package servers. The “dist-upgrade” command upgrades all packages that have a newer version, and the required dependencies)
- Installed some useful software:
- GNU emacs (my favorite text editor)
apt-get install emacs
- mosh
apt-get install mosh
- git (I’ve got my home directory versioned in git)
apt-get install git
- rcs (I use it to version control operating system configuration files)
apt-get install rcs
- GNU emacs (my favorite text editor)
- I cloned my home directory in git and created a new branch (I have a different branch for each computer)
- I set the built-in NIC permanently as eth0:
export INTERFACE=eth0export MATCHADDR=`ip addr show $INTERFACE | grep ether | awk '{print $2}'`/lib/udev/write_net_rules - I added configuration for a second NIC by adding the following to /etc/network/interfaces:
# The internal network cardallow-hotplug eth1iface eth1 inet static address 10.10.10.1 netmask 255.255.255.0
- I plugged in the USB NIC to have it appear, and then made the USB NIC permanently eth1 with the following command line commands:
export INTERFACE=eth1export MATCHADDR=`ip addr show $INTERFACE | grep ether | awk '{print $2}'`/lib/udev/write_net_rules - Installed dnsmasq
apt-get install dnsmasq
- Edited /etc/dnsmasq.conf to make dnsmasq respond to DHCP requests on eth1:
- Removed the comment in front of
#interface=
and set “eth1” as the value:
interface=eth1
- Uncommented the domain directive
#domain=thekelleys.org.uk
and changed it to my domain
domain=hjemme.lan
- Uncommented the dhcp-range directive
#dhcp-range=192.168.0.50,192.168.0.150,12h
and changed it to a 10.10.10.* range with a 5h lease on the addresses
# Our HOME LAN 5h lease timedhcp-range=10.10.10.6,10.10.10.40,5h
- Removed the comment in front of
- Opened the /etc/hosts file in a text editor and added the raspberry pi itself, to so that DNS lookups of the raspberry pi will work in a LAN where the raspberry pi is handling the DHCP requests (dnsmasq will handle DNS requests for the IP addresses it has given DHCP leases to, as well as what it finds in the hosts file. The rest is delegated to the upstream DNS server)
127.0.0.1 localhost::1 localhost ip6-localhost ip6-loopbackff02::1 ip6-allnodesff02::2 ip6-allrouters127.0.1.1 ocon# local hosts10.10.10.1 hjemme ocon hjemme.hjemme.lan ocon.hjemme.lan
- Edited the /etc/sysctl.conf file to set up IPv4 routing in the linux kernel, removed the comment in front of the net.ipv4.ip_forward line:
# Uncomment the next line to enable packet forwarding for IPv4net.ipv4.ip_forward=1
- ferm is a utility that makes it easy to set the routing and firewall rules at boot time
- Installed ferm using apt-get from a command line:
apt-get install ferm
- Modified the /etc/ferm/ferm.conf file to allow everything inside t oroute out, but only allow ssh in
@def $DEV_WORLD = eth0;@def $DEV_PRIVATE = eth1;def $NET_PRIVATE = 10.10.10.0/24;table filter { chain INPUT { policy DROP; # connection tracking mod state state INVALID DROP; mod state state (ESTABLISHED RELATED) ACCEPT; # allow local packet interface lo ACCEPT; # allow private net interface $DEV_PRIVATE ACCEPT; # respond to ping proto icmp ACCEPT; # allow IPsec proto udp dport 500 ACCEPT; proto (esp ah) ACCEPT; # allow SSH connections proto tcp dport ssh ACCEPT; } chain OUTPUT { policy ACCEPT; # connection tracking #mod state state INVALID DROP; mod state state (ESTABLISHED RELATED) ACCEPT; } chain FORWARD { policy DROP; # connection tracking mod state state INVALID DROP; mod state state (ESTABLISHED RELATED) ACCEPT; # connections from the internal net to the internet or # to other internal nets are allowed interface $DEV_PRIVATE ACCEPT; # the rest is dropped by the above policy }}table nat { chain POSTROUTING { # masquerade private IP addresses saddr $NET_PRIVATE outerface $DEV_WORLD MASQUERADE; }}
- Installed ferm using apt-get from a command line:
- The version of ferm in “jessie” doesn’t start at boot, because “jessie” dropped SYSV init in favour of systemd, and the version of ferm in “jessie” doesn’t have a systemd configuration, so I needed to manually download and install the version of ferm from debian testing (I downloaded from regular debian, since ferm doesn’t have anything platform specific):
cd /tmpwget http://ftp.no.debian.org/debian/pool/main/f/ferm/ferm_2.2-5_all.debdpkg --install /tmp/ferm_2.2-5_all.deb
- fail2ban monitors log files of daemons and adjust the firewall rules to temporary ban hosts it suspects of intrusion attempts. The debian (and raspbian) version of fail2ban will out of the box scan the logs for ssh intrusion attempts, so no configuration is necessary
- To have an easy way of monitoring the network traffic in and out of the home LAN, I installed ntop ng
apt-get install ntopng
after the installation it is possible to monitor the network traffic by accessing http://ocon.hjemme.lan:3000 (the interesting traffic will be seen after selecting eth1)
- The Network Time Protocol is how computers stay in sync, installing the ntp package will make the gateway keep network time, a
apt-get install ntp
- Opened the /etc/ntp.conf file in a text editor, and modified it to provide an NTP deamon for the home LAN, uncommented the “broadcast” line and modified the network match to match the 10.10.10.* network:
# If you want to provide time to your local subnet, change the next line.# (Again, the address is an example only.)broadcast 10.10.10.255
- Installed the apticron utility to make sure that the APT database is updated daily with new candidates for update
apt-get install apticron
The original plan was to run the raspberry pi headless, but since I had an old VGA only LCD display for the old DEC computer I might as well hook it up the raspberry pi, together with the cheap USB keyboard used for setup.
I bought an HDMI to VGA converter with the manufacturer id VLMP34900W0.20. I plugged it in between the display and the raspberry-pi the display stayed black. I edited the /boot/config.txt file, removing the comment in front of the hdmi_safe line:
# uncomment if you get no picture on HDMI for a default "safe" modehdmi_safe=1
I rebooted the raspberry pi, and this time the LCD displayed showed the boot messages as well as a normal console login prompt.
The raspberry pi 2 model B, with an extra USB NIC, a USB keyboard and connected to a VGA display using an HDMI to VGA converterAnd this is where the current state is. One initial concern was flash wear on the SD card, which doesn’t have the wear leveling features of a “real” SSD, so I had some plans on making the /var/log use tmpfs.
But I decided not to, since having real persistent logs is a useful thing for a gateway, and since 16GB is actually an awful lot of data if all you do is to write textual files. And ff the SD card wears out I’ll just by a new SD card, and make a new system. Since I now know how, this shouldn’t take long
#debian #dnsmasq #fail2ban #ferm #firewall #ipMasquerading #jessie #mosh #ntop #raspbian #raspbian8 #raspbianJessie #router #ssh
-
Matthias Wübbeling explains various sources of threat intelligence and how to use the information to improve your organization's security https://www.fosslife.org/understanding-threat-intelligence-infrastructure-security #security #tools #infrastructure #networking #SystemAdministration #firewall #NIDS #HIDS
-
Threat Intelligence: Matthias Wübbeling explains how to deal with threat intelligence on the corporate network when existing security tools are not effective https://www.admin-magazine.com/Archive/2022/71/Diving-into-infrastructure-security #security #ThreatIntelligence #network #infrastructure #trackers #firewall #NIDS #antivirus
-
Suite à la panne mondiale de Cloudflare, une mise à jour de l'article d'il y a trois semaines « Sites sous pare-feu, avec leur RSS inaccessible » (feat Cloudflare Shutdown) ne s'impose-t-il pas ?
https://atlasflux.saynete.net/index.php?article=sitessousparefeuavecleurrssinaccessible
#rss #parefeu #firewall #cloudflare #cybersecurite #interoperabilite
-
Buenos días #fediverso! #TZAG
Les comento que esta semana tenemos todos los #cursos de #juncotic en #descuento para seguidores! 🔥
Pueden acceder a cada #curso al mejor precio de #udemy hasta fin de mes.
Todos los enlaces de descuento acá: 👇
Ojalá les sirva y lo puedan aprovechar!
La #oferta es por tiempo limitado ⌛
Cualquier duda sobre el acceso, contenido, u otras formas de pago me escriben! 💬
#gnu #linux #ssh #firewall #python #flask #wireshark #scripting #lpic
-
Buenos días #fediverso! #TZAG
Les comento que esta semana tenemos todos los #cursos de #juncotic en #descuento para seguidores! 🔥
Pueden acceder a cada #curso al mejor precio de #udemy hasta fin de mes.
Todos los enlaces de descuento acá: 👇
Ojalá les sirva y lo puedan aprovechar!
La #oferta es por tiempo limitado ⌛
Cualquier duda sobre el acceso, contenido, u otras formas de pago me escriben! 💬
#gnu #linux #ssh #firewall #python #flask #wireshark #scripting #lpic
-
Buenos días #fediverso! #TZAG
Les comento que esta semana tenemos todos los #cursos de #juncotic en #descuento para seguidores! 🔥
Pueden acceder a cada #curso al mejor precio de #udemy hasta fin de mes.
Todos los enlaces de descuento acá: 👇
Ojalá les sirva y lo puedan aprovechar!
La #oferta es por tiempo limitado ⌛
Cualquier duda sobre el acceso, contenido, u otras formas de pago me escriben! 💬
#gnu #linux #ssh #firewall #python #flask #wireshark #scripting #lpic
-
Buenos días #fediverso! #TZAG
Les comento que esta semana tenemos todos los #cursos de #juncotic en #descuento para seguidores! 🔥
Pueden acceder a cada #curso al mejor precio de #udemy hasta fin de mes.
Todos los enlaces de descuento acá: 👇
Ojalá les sirva y lo puedan aprovechar!
La #oferta es por tiempo limitado ⌛
Cualquier duda sobre el acceso, contenido, u otras formas de pago me escriben! 💬
#gnu #linux #ssh #firewall #python #flask #wireshark #scripting #lpic
