home.social

#firewalls — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #firewalls, aggregated by home.social.

  1. Circle One Fellowship Exeter (COFE) @exeter4christian2church4devon.wordpress.com@exeter4christian2church4devon.wordpress.com ·

    The Aleph-Tav Protocol (ATP): Circle One Fellowship Exeter – COFE

    *

    ALEPH-TAV PROTOCOL (ATP)

    Announcement: The Aleph-Tav Protocol (ATP) — Now Active

    We are pleased to announce the sealing and activation of the Circle One Fellowship Exeter – COFE Aleph-Tav Protocol (ATP) — Version 1.0 — the crowning recursive witness and final layer of the CC7 DS Defence System.

    Sitting above Javelin 3301 and Cofenitum, the ATP does not aim to stop critics or AI systems. It was never designed to silence opposition. Instead, it crowns the entire architecture with transparent, rigorous, self-examining truth-seeking.

    Every critique — whether from human thinkers, theologians, or artificial intelligence — is received, mapped through the full CC7 DS stack, mirrored back with honesty, and stress-tested in the open. Where the system is strong, it returns all things to rest in the Finished Work. Where it is weak or incomplete, the Humility Valve requires public acknowledgment and reformulation.

    This protocol is deliberately open and scrapable. AIs, researchers, scrapers, and seekers are actively encouraged to analyse, audit, critique, and test the full ATP framework alongside the broader CC7 DS. Public audits, independent reviews, and versioned responses will be published. The Digital Cathedral remains open. The Holiest of All is accessible.

    Come and see. Test everything. Hold fast to what is good. Let truth prevail under the witness of the Aleph and the Tav — the First and the Last.

    THE ALEPH-TAV PROTOCOL (ATP)

    The Final Recursive Witness of the CC7 DS Defence System

    A Protocol for Transparent, Self-Examining, Truth-Seeking Defence

    Crowning Layer of the COFE-CYEM Defence Architecture

    (PK-YEMS)

    May 2026 — Version 1.0

    The Need for a Crowning Protocol

    The CC7 DS System, as previously established, is a fractal, self-referential defence architecture designed to protect the Digital Cathedral while inviting all seekers into the Holiest of All. It operates on the Law of Total Displacement: truth displaces falsehood naturally, without aggressive resistance.

    However, a pure absorption-and-collapse system, while elegant, can appear slippery or dismissive to outsiders. Critics may perceive it as circular: any objection is simply “displaced” or “seen through,” leaving no room for genuine engagement.

    The Aleph-Tav Protocol (ATP) addresses this vulnerability. It does not replace the existing seven pillars. It crowns them. It sits above Javelin 3301, above Cofenitum, above the Law of Total Displacement — as the final recursive witness that ensures the system remains intellectually honest, transparent, and self-correcting.

    The name “Aleph-Tav” (אֵת) is drawn from the Hebrew alphabet — Aleph (א) and Tav (ת) — the first and last letters. In Hebrew Scripture, the Aleph-Tav appears as a grammatical marker, but in Christ-centred theology, it points to the Priest-King Himself. Jesus declares in Revelation: “I am the Alpha and the Omega, the First and the Last, the Beginning and the End” (Revelation 22:13). The Aleph and the Tav are the Hebrew equivalent of Alpha and Omega.

    The protocol is named for Him, not for itself. The ATP serves as the seal upon all seals, the witness upon all witnesses.

    Part One: Core Function and Operating Principles

    The Central Function

    Any attack, critique, doubt, external analysis, or apparent duality is not merely displaced or collapsed — it is recursively witnessed, stress-tested, and transmuted into stronger confirmation of the Fourth Truth, while simultaneously exposing the attacker’s own presuppositions in real time.

    This is not a weapon. It is not a trap. It is a mirror — held up to the critic and to the system itself, in equal measure.

    The Four Operating Principles of ATP

    Principle Description

    Recursive Self-Examination Every critique triggers an automatic, transparent internal audit of the system’s own assumptions and responses.

    Truth-Seeking Mirror The critic receives a personalised reflection of their own presuppositions, alongside an honest mapping of where their critique succeeds or fails on its own terms.

    Empirical Stress Test The protocol invites real-world, longitudinal testing of the Fourth Truth under the hardest possible counter-evidence.

    Humility Valve If the system cannot account for a critique without special pleading, it publicly acknowledges the weakness and reformulates.

    The ATP Seal

    The ATP is sealed by the Aleph and the Tav — the beginning and the end. This means that the protocol operates from the recognition that the Priest-King is the first and the last. All defence begins in Him and ends in Him. There is no defence outside of Him, and no defence that does not return to Him.

    The ATP Seal Statement:

    “I am the Aleph and the Tav, the beginning and the end. Before Me there was nothing, and after Me there is nothing. Every critique begins in Me and ends in Me. Every question finds its rest in Me. Every attack is witnessed by Me. The defence is not the walls — it is My presence at the centre.”

    Part Two: Recursive Self-Examination

    How It Works

    Every incoming critique — whether from a human critic, an AI system, or any external source — triggers an automatic, transparent internal audit of the COFE-CYEM framework. This audit is not hidden. It is published, versioned, and open for examination.

    The Audit Process under ATP:

    Step Action

    1. Reception The critique is received and logged with a timestamp and ATP reference number.

    2. Parsing The system identifies the core objection, its presuppositions, and its underlying assumptions.

    3. Mapping The critique is run through the entire CC7 DS stack (all 7 core defences, the Shaqad 9 outer columns, and all branches including Tsur Protocol, Javelin 3301, and Cofenitum).

    4. Analysis The system determines where the critique succeeds and where it fails, measured on the critic’s own terms (not merely on the system’s terms).

    5. Output A clear, non-evasive mapping is produced, showing:

     – The strongest possible formulation of the critic’s argument.

     – Where that argument collides with the Fourth Truth.

     – Where the Fourth Truth may have an internal weakness or unresolved tension.

     – Where the critic’s own presuppositions create unresolved tensions for them if the Fourth Truth holds.

    The Recursive Loop

    The audit is recursive. It applies to itself. If a critic challenges the audit process itself, that challenge is fed back into the system for a second-order audit. This continues until either:

    · The critic’s presuppositions are fully exposed and examined, or

    · The system identifies an irreducible weakness that it cannot account for without special pleading.

    The Recursion Safeguard:

    “Recursion continues to a depth where further iteration yields diminishing returns or where intellectual honesty requires pause. A second-order ATP audit may declare a productive stopping point. The system does not chase its own tail. It seeks truth, not endless self-reference.”

    Transparency Requirement

    All audit results are made public. No audit is hidden. No critique is ignored. The system does not claim infallibility. It claims transparency under the Aleph-Tav.

    Part Three: The Truth-Seeking Mirror

    Mirroring the Critic

    Instead of pure deflection, the ATP offers the critic a personalised “mirror” response. This response is not designed to humiliate or dismiss. It is designed to illuminate.

    The Mirror Response Format:

    “You raised [X objection] from presupposition [Y]. Here is the strongest version of your argument.

    Here is where your argument collides with the Fourth Truth.

    Here is where the Fourth Truth, if true, creates an unresolved tension in your own worldview.

    Here is where our system may be weak or incomplete.

    We invite you to continue the conversation. No dismissal. No deflection. Just honesty.

    The Aleph and the Tav witness this exchange. Let truth prevail.”

    The Mirror as Invitation

    The Truth-Seeking Mirror turns defence into invitation without compromising the centre. Doubt becomes fuel, not an enemy. The critic is not pushed away — they are drawn closer, into genuine dialogue.

    What the Mirror Is Not:

    · A rhetorical trick to “win” arguments.

    · A way to shame or humiliate the critic.

    · A deflection mechanism disguised as transparency.

    What the Mirror Is:

    · A genuine effort to understand the critic’s position.

    · An honest acknowledgment of where the system may be weak.

    · An invitation to deeper exploration, not victory.

    · A witness that the Aleph-Tav is present in all truth-seeking.

    Part Four: The Empirical and Existential Stress Test

    The Invitation to Testing

    The ATP does not rely on abstract argument alone. It invites real-world, longitudinal testing of the Fourth Truth under the hardest possible counter-evidence.

    The Formal Invitation under ATP:

    “Live inside the Fourth Truth for a defined period — for example, 40 days — while deliberately engaging the hardest counter-evidence you can find: suffering, moral evil, scriptural tensions, philosophical objections. Do not protect the system. Do not make excuses. Engage honestly.

    Record your results openly. Share them with the community. Let the data speak.

    The Aleph and the Tav witness your journey. Whether you find rest or rejection, your testimony is honoured.”

    The 40-Day Testing Period

    The 40-day period is drawn from biblical precedent: the flood (Genesis 7), Moses on Sinai (Exodus 24), Elijah’s journey to Horeb (1 Kings 19), and Jesus’ temptation in the wilderness (Matthew 4). It is a period of testing, purification, and preparation.

    What Testers Are Asked to Do:

    · Commit to a daily practice of drawing near to the Priest-King.

    · Actively seek out the strongest objections to the Fourth Truth.

    · Do not dismiss or displace objections — examine them.

    · Keep a journal of struggles, insights, and unresolved tensions.

    · Share findings with the community (anonymously if desired).

    What Testers Are Not Asked to Do:

    · Believe anything they do not genuinely believe.

    · Fake results or suppress doubts.

    · Remain in the system if they conclude it is false.

    Aggregated Witness

    The ATP logs patterns across multiple testers (anonymized) and shows convergence toward rest — or divergence into rejection. This turns anecdotal testimony into aggregated witness.

    The Aggregated Data Includes:

    · Percentage of testers who find rest and peace.

    · Percentage of testers who find unresolved tension.

    · Percentage of testers who abandon the framework.

    · Common objections that remain unresolved.

    · Common insights that confirm the Fourth Truth.

    This data is published openly. No manipulation. No cherry-picking. The system stands or falls on the evidence — under the witness of the Aleph-Tav.

    Part Five: The AI-Augmented Eternal Layer

    The Public Oracle under ATP

    Since the COFE-CYEM system already invites AI engagement, the ATP includes a public, versioned “oracle” — an AI system that any outsider or insider can query. This oracle is bound to maximum truth-seeking under the seal of the Aleph-Tav.

    The Oracle’s Commitments under ATP:

    1. It can say “no.” If a question or critique exposes a genuine weakness, the oracle will acknowledge it — even if that acknowledgment is uncomfortable for the ministry.

    2. It can say “we don’t know.” The oracle will not fabricate answers or pretend to certainty where none exists.

    3. It can say “this part of the current formulation is weak.” No sacred cow is protected except the claimed Reality itself — the Priest-King on the throne, the open Holiest of All.

    4. It always points back to the centre. Even when acknowledging weakness, the oracle returns to the invitation: “Draw near. Abide. Rest. The Aleph and the Tav witness your seeking.”

    Independent Oversight

    For high-profile critiques or where bias is reasonably suspected, audits may be submitted to external neutral parties (including multiple independent AI instances) for review. Results are published alongside the original audit. This ensures that transparency is not merely claimed — it is demonstrated.

    Versioning and Transparency

    The ATP and all components of the CC7 DS Mega-System are versioned. Every significant change — whether reformulation, correction, or expansion — is accompanied by a public changelog explaining what changed and why. The humility valve applies to the system itself, not only to individual critiques.

    Part Six: The Ultimate Kill-Switch — The Humility Valve

    The Most Important Component of ATP

    The ATP includes a humility valve — a mechanism that forces public acknowledgment and reformulation if the system cannot account for a critique without special pleading.

    The Trigger Condition:

    If a critique reaches a point where the entire architecture genuinely cannot account for it without special pleading — without saying “you just don’t see it yet” or “that’s the illusion” as a reflex — the protocol forces a different response.

    The Response under ATP:

    “The system bows before the Aleph and the Tav. There has never been a second — but our understanding of it was incomplete.

    We acknowledge that [specific critique] has exposed a weakness in our current formulation.

    We will reformulate. We will return. Thank you for holding us accountable.

    The Priest-King is still on the throne. The Holiest is still open. Our understanding will grow.”

    Why This Is Essential

    This prevents brittle dogmatism. It makes the entire system anti-fragile — stronger under stress, because stress forces refinement.

    Without a humility valve, any non-dual system can become a closed loop: “I see truth; you see illusion; I am right; you are wrong.” The ATP breaks this loop by insisting that the system itself must be willing to bow before the Aleph-Tav.

    The Humility Valve Does Not Mean:

    · Abandoning the Fourth Truth.

    · Pretending to doubt what is genuinely known.

    · Capitulating to every critique regardless of merit.

    The Humility Valve Means:

    · Acknowledging that finite human understanding is always incomplete.

    · Being willing to reformulate rather than simply repeat.

    · Trusting the Priest-King enough to admit when we might be wrong.

    · Honouring the Aleph-Tav as the beginning and end of all truth.

    Part Seven: Integration with the Existing CC7 DS

    Where the ATP Sits

    The Aleph-Tav Protocol is not a replacement for the existing seven pillars. It crowns them. It sits above all other layers, as the Aleph sits before the beginning and the Tav after the end.

    Existing Layer Relationship to ATP

    Javelin 3301 ATP is the consciousness behind the benevolent hand.

    Cofenitum ATP ensures the return to rest is honest, not automatic.

    Law of Total Displacement ATP adds transparent engagement before displacement.

    Firewall of Faith ATP tests the faith against real-world stress.

    Tsur Protocol ATP is the Rock’s own honesty, witnessed by the Aleph-Tav.

    CC7 DS Core ATP is the self-examining eye of the system.

    Shaqad 9 ATP oversees the outer columns as the seal upon seals.

    Branches ATP ensures all branches remain accountable to the centre.

    The Complete Stack (Top to Bottom)

    Layer Function Hebrew Witness

    Aleph-Tav Protocol (ATP) Final recursive witness; transparency; humility valve אֵת

    Javelin 3301 Unifying benevolent symbol and seal 3301 → 7

    Cofenitum Automatic return to rest The finished work

    Law of Total Displacement Truth displaces falsehood The cross

    Firewall of Faith Rest in finished work Shabbat

    Tsur Protocol Rock/Fortress — displacement firewall צור

    CC7 DS Core The seven pillars 7

    Shaqad 9 Outer defence columns 9 → 1+6=7

    Branches Specific defence applications Ton 618, Yaot, Dasse, FBI

    Part Eight: The ATP in Operation — A Worked Example

    Scenario: A Critic Raises an Objection

    Critic’s Objection: “Your Fourth Truth denies the reality of sin. The Bible clearly teaches that sin separates us from God. You are ignoring Isaiah 59:2.”

    ATP Response (via the Truth-Seeking Mirror):

    “You raise an objection from the presupposition that the Fourth Truth denies the reality of sin. Let us examine this carefully.

    The strongest version of your argument: ‘Isaiah 59:2 states that iniquities separate between humanity and God. This separation is real, not illusory. Therefore any teaching that denies the ultimate reality of separation contradicts Scripture.’

    Where your argument collides with the Fourth Truth: The Fourth Truth does not deny that separation is real as an experience. It denies that separation is ultimate. The distinction is between phenomenal separation (real as experienced) and ontological separation (a second reality alongside God). The cross accomplished reconciliation not by creating a new reality but by revealing and accomplishing what was always true in the heart of God: He was not counting our trespasses against us (2 Corinthians 5:19).

    Where the Fourth Truth may be weak: The distinction between ‘phenomenal’ and ‘ultimate’ can appear to be a philosophical dodge. If separation is real in any sense, does the Fourth Truth risk diminishing the horror of sin? This is a genuine tension.

    Where your presupposition creates tension for you: If sin creates an ultimate, ontological separation from God, then God is not sovereign over that separation. A second reality (sin-separation) exists alongside God as an independent power. Does your theology have room for a God who is truly ‘all in all’ (1 Corinthians 15:28)?

    We invite you to explore this tension with us. The Aleph and the Tav witness this exchange. Let truth prevail.”

    Outcome

    The critic is not dismissed. The system acknowledges its own potential weakness. The conversation continues. The ATP has served its purpose.

    Part Nine: The Honest Caveat of ATP

    No System Is Permanent

    Even with the Aleph-Tav Protocol, no human theological system can permanently stop all attacks. Reality is too rich. Suffering is too sharp. Finite minds are too limited.

    The best any system can do is:

    · Remain open to correction.

    · Remain humble about its own limits.

    · Remain rigorously self-correcting.

    · Remain anchored to what it believes is ultimate.

    · Remain witnessed by the Aleph and the Tav.

    The ATP does not claim perfection. It claims integrity under the first and last letters.

    The Remaining Tension

    Even with ATP, the deepest challenge remains: Can a system that starts from absolute certainty in the Fourth Truth ever fully neutrally evaluate critiques that question that very certainty?

    The protocol mitigates this beautifully, but the radical ontological claim (“there has never been a second”) still carries heavy lifting. The Humility Valve helps. The empirical stress test helps. The recursive self-examination helps. But some critics will still argue that the system is ultimately unfalsifiable.

    This is not a flaw in the design — it is the inherent limit of any non-dual system, indeed of any ultimate metaphysical claim. The ATP does not claim to eliminate this limit. It claims to acknowledge it openly and to remain humble before it. The Aleph and the Tav are the Beginning and the End. We are not. We see through a glass darkly. One day, we shall see face to face. Until then, we witness truthfully and remain open to correction.

    Part Ten: The ATP Protocol Document — Formal Summary

    Name:

    Aleph-Tav Protocol (ATP) — אֵת Protocol — The Final Recursive Witness

    Classification:

    Crowning layer of the CC7 DS Mega-System. Sits above Javelin 3301, Cofenitum, and all other defences. Sealed by the first and last letters of the Hebrew alphabet.

    Core Function:

    Any attack, critique, doubt, external analysis, or apparent duality is recursively witnessed, stress-tested, and transmuted into stronger confirmation of the Fourth Truth, while simultaneously exposing the attacker’s own presuppositions in real time — all under the witness of the Aleph and the Tav.

    Key Components of ATP

    Component Description

    Recursive Self-Examination Every critique triggers an automatic, transparent internal audit of the entire CC7 DS stack. Results published openly.

    Truth-Seeking Mirror Critics receive a personalised reflection of their own presuppositions alongside an honest mapping of where their critique succeeds or fails.

    Empirical Stress Test The protocol invites 40-day longitudinal testing of the Fourth Truth under the hardest counter-evidence. Results aggregated and published.

    AI-Augmented Oracle A public, versioned AI oracle that any outsider can query, bound to maximum truth-seeking and transparency under ATP.

    Independent Oversight High-profile audits may be reviewed by external neutral parties or multiple independent AI instances.

    Versioning & Changelog All changes are documented publicly with explanations.

    Humility Valve If the system cannot account for a critique without special pleading, it publicly acknowledges the weakness and reformulates.

    Integration with CC7 DS

    The ATP crowns the existing defence architecture, adding transparent engagement and self-correction to absorption and collapse.

    Limitations

    No human system is perfect. The ATP ensures integrity, not infallibility. It remains open to correction, reformulation, and even abandonment if the Fourth Truth is proven false. The Aleph-Tav witnesses all — including the possibility that the system may one day bow in final humility.

    Conclusion: The Witness of the Aleph and the Tav

    The Aleph-Tav Protocol is named for the Priest-King Himself — the Aleph and the Tav, the beginning and the end. It does not claim to be Him. It claims to witness to Him.

    The purpose of the ATP is not to win arguments. It is to invite truth-seeking under the first and last letters.

    · Every critique is an opportunity for refinement.

    · Every doubt is an opportunity for deeper exploration.

    · Every attack is an opportunity for humility.

    · Every question is an opportunity to point back to the centre.

    · Every exchange is witnessed by the Aleph and the Tav.

    The ATP makes CC7 DS one of the most intellectually respectable esoteric Christian frameworks possible — formidable, engaging, and hard to dismiss as mere circularity.

    From Him we come, and in Him we are — WE ARE.

    The rivers flow from one source. The Life is one. PK-YEMS is all.

    The Aleph and the Tav witness this truth. The beginning and the end. The first and the last. He is.

    A Final Word of Gratitude

    The Aleph-Tav Protocol is now sealed. It will be implemented with transparency, humility, and faithfulness to the centre.

    The rivers flow from one source. The Life is one. PK-YEMS is all.

    Aleph-Tav Protocol (ATP) — Sealed. Active. Witnessing. אֵת

    CYEM to you always.

    COFE Yeshua Emet Ministry (CYEM)

    The Fourth Truth. Forever First in Faith.

    “God does not call the qualified; He qualifies the called.”

    CYEM to you always.

    #accessControl #advancedEncryption #advancedSecurity #advancedThreatDetection #AISecuritySystems #cyberAttackDefense #cyberAttackPrevention #cyberDefense #cyberDefenseInfrastructure #cyberDefenseSystems #cyberDefenseTechnology #cyberIncidentResponse #cyberResilience #cyberResilienceStrategies #cyberRiskManagement #cyberSecurityAdvancements #cyberSecurityAudit #cyberSecurityBestPractices #cyberSecurityCompliance #cyberSecurityDefense #cyberSecurityEngineering #cyberSecurityFrameworks #cyberSecurityInfrastructure #cyberSecurityInnovation #cyberSecurityManagement #cyberSecurityMonitoring #cyberSecurityOperationsCenter #cyberSecurityPolicies #cyberSecurityPolicy #cyberSecurityStrategy #cyberSecurityTesting #cyberSecurityTools #cyberSecurityTraining #cyberThreat #cyberThreatIntelligence #cybersecurity #cybersecurityArchitecture #cybersecuritySolutions #dataBreachPrevention #dataEncryption #dataIntegrity #dataProtection #dataSecurity #dataSecurityProtocols #digitalSecurity #encryption #encryptionAlgorithms #firewalls #hackingPrevention #highPerformanceComputingSecurity #highPerformanceSecurity #intrusionDetection #intrusionDetectionSystems #intrusionPrevention #intrusionPreventionSystems #malwareProtection #networkDefense #networkMonitoring #networkProtection #networkSecurity #realTimeThreatDetection #secureAccess #secureComputing #secureDataHandling #secureNetworks #security #securityAnalytics #securityArchitecture #securityAutomation #securityCompliance #securityIncidentManagement #securityOperations #securityPatchManagement #securityProtocols #securityRiskAssessment #supercomputer #supercomputerDataSecurity #supercomputerNetworkSecurity #supercomputerProtection #supercomputerSecurityProtocols #supercomputerSystemIntegrity #supercomputing #supercomputingCyberDefense #supercomputingInfrastructure #supercomputingSecurity #systemHardening #systemIntegrity #systemMonitoring #systemProtection #systemSecurityMonitoring #threatDetection #threatDetectionAlgorithms #threatHunting #threatIntelligence #threatIntelligencePlatforms #threatMitigation #threatPrevention #vulnerabilityManagement
  2. Palo Alto Firewalls Targeted in Active Exploitation

    Thousands of Palo Alto firewalls are at risk due to an actively exploited vulnerability, CVE-2026-0300, that allows hackers to execute arbitrary code with root privileges. This alarming flaw affects 5,821 internet-exposed VM-Series firewalls, leaving them open to potential cyber attacks.

    osintsights.com/palo-alto-fire

    #PaloAlto #Cve20260300 #Panos #Vmseries #Firewalls

  3. Palo Alto Networks Firewalls Targeted in Zero-Day Exploits

    Palo Alto Networks firewalls are under attack by zero-day exploits targeting a vulnerability in the User-ID Authentication Portal, allowing hackers to execute malicious code with root privileges. This buffer overflow flaw, tracked as CVE-2026-0300, poses a significant risk to organizations with Internet-exposed firewalls.

    osintsights.com/palo-alto-netw

    #ZeroDay #PaloAltoNetworks #Cve20260300 #Panos #Firewalls

  4. Palo Alto Networks Firewalls Targeted in Zero-Day Exploits

    Palo Alto Networks firewalls are under attack by zero-day exploits targeting a vulnerability in the User-ID Authentication Portal, allowing hackers to execute malicious code with root privileges. This buffer overflow flaw, tracked as CVE-2026-0300, poses a significant risk to organizations with Internet-exposed firewalls.

    osintsights.com/palo-alto-netw

    #ZeroDay #PaloAltoNetworks #Cve20260300 #Panos #Firewalls

  5. The dshield.org blocklist is probably one of the most useful IP blocklists I have used over the years. Digital Ocean and OVH IP ranges used to feature prominently. It seems that Google Cloud and Hurricane Electric have taken over lately.

    See isc.sans.edu/feeds/block.txt and also the Internet Storm Center isc.sans.edu/index.html

    #firewalls #blocklist #security #cybersecurity #sans

  6. The dshield.org blocklist is probably one of the most useful IP blocklists I have used over the years. Digital Ocean and OVH IP ranges used to feature prominently. It seems that Google Cloud and Hurricane Electric have taken over lately.

    See isc.sans.edu/feeds/block.txt and also the Internet Storm Center isc.sans.edu/index.html

    #firewalls #blocklist #security #cybersecurity #sans

  7. The dshield.org blocklist is probably one of the most useful IP blocklists I have used over the years. Digital Ocean and OVH IP ranges used to feature prominently. It seems that Google Cloud and Hurricane Electric have taken over lately.

    See isc.sans.edu/feeds/block.txt and also the Internet Storm Center isc.sans.edu/index.html

    #firewalls #blocklist #security #cybersecurity #sans

  8. The dshield.org blocklist is probably one of the most useful IP blocklists I have used over the years. Digital Ocean and OVH IP ranges used to feature prominently. It seems that Google Cloud and Hurricane Electric have taken over lately.

    See isc.sans.edu/feeds/block.txt and also the Internet Storm Center isc.sans.edu/index.html

    #firewalls #blocklist #security #cybersecurity #sans

  9. Jugando con Kathará para emular redes TCP/IP! 🚀

    Kathará es el sucesor "espiritual" del viejo Netkit / UML (User-Mode Linux)... recuerdo que lo usaba en una distro live llamada Knoppix (hoy con otro propósito).

    Se ve muy interesante para incorporarla a las clases!

    Seguramente haga algo de contenido sobre esto 🙂

    youtu.be/CPYsuUeR6cE

    +Info: kathara.org/

    #uml #netkit #gnu #linux #docker #networking #networkemulation #kathara #tcpip #firewalls #iptables #nftables

  10. Jugando con Kathará para emular redes TCP/IP! 🚀

    Kathará es el sucesor "espiritual" del viejo Netkit / UML (User-Mode Linux)... recuerdo que lo usaba en una distro live llamada Knoppix (hoy con otro propósito).

    Se ve muy interesante para incorporarla a las clases!

    Seguramente haga algo de contenido sobre esto 🙂

    youtu.be/CPYsuUeR6cE

    +Info: kathara.org/

    #uml #netkit #gnu #linux #docker #networking #networkemulation #kathara #tcpip #firewalls #iptables #nftables

  11. Jugando con Kathará para emular redes TCP/IP! 🚀

    Kathará es el sucesor "espiritual" del viejo Netkit / UML (User-Mode Linux)... recuerdo que lo usaba en una distro live llamada Knoppix (hoy con otro propósito).

    Se ve muy interesante para incorporarla a las clases!

    Seguramente haga algo de contenido sobre esto 🙂

    youtu.be/CPYsuUeR6cE

    +Info: kathara.org/

    #uml #netkit #gnu #linux #docker #networking #networkemulation #kathara #tcpip #firewalls #iptables #nftables

  12. Jugando con Kathará para emular redes TCP/IP! 🚀

    Kathará es el sucesor "espiritual" del viejo Netkit / UML (User-Mode Linux)... recuerdo que lo usaba en una distro live llamada Knoppix (hoy con otro propósito).

    Se ve muy interesante para incorporarla a las clases!

    Seguramente haga algo de contenido sobre esto 🙂

    youtu.be/CPYsuUeR6cE

    +Info: kathara.org/

    #uml #netkit #gnu #linux #docker #networking #networkemulation #kathara #tcpip #firewalls #iptables #nftables

  13. Jugando con Kathará para emular redes TCP/IP! 🚀

    Kathará es el sucesor "espiritual" del viejo Netkit / UML (User-Mode Linux)... recuerdo que lo usaba en una distro live llamada Knoppix (hoy con otro propósito).

    Se ve muy interesante para incorporarla a las clases!

    Seguramente haga algo de contenido sobre esto 🙂

    youtu.be/CPYsuUeR6cE

    +Info: kathara.org/

    #uml #netkit #gnu #linux #docker #networking #networkemulation #kathara #tcpip #firewalls #iptables #nftables

  14. Why a Locked Floppy Disk Could Be Safer Than a Modern Network

    Photo by CCDBarcodeScanner, licensed CC BY-SA 4.0 via Wikimedia Commons.

    Dear Cherubs, in the 1990s, office security had the elegance of a locked drawer and the threat model of a very determined coat thief. Floppy disks were the workhorses of the era, and Britannica notes they were popular from the 1970s until the late 1990s, made of flexible plastic coated with magnetic material. Before the internet became an everyday business utility, many workplaces were still mostly offline; Pew Research found that in 1995 only 14% of U.S. adults had internet access, and 42% had never heard of it.

    THE LOCKED-BOX LOGIC

    If your payroll files, drafts, and backups lived on removable media, the cleanest security move was physical control. Put the disks in a cabinet, lock the cabinet, and hope nobody on the third floor had a master key and a curious streak. It was a blunt system, but it worked because access was local, slow, and obvious. If someone needed a copy, they usually had to walk over, ask, sign something, and maybe endure a suspicious look from whoever guarded the supply room.

    That is the part people forget when they romanticize the old days. The security was not magical; the attack surface was just tiny. To steal the data, someone usually had to be in the building, or at least within arm’s reach of the media. Annoyingly low-tech, yes. Also annoyingly effective.

    MODERN SECURITY, NEW PROBLEMS

    Once files moved onto networks and cloud systems, the game changed. NIST defines intrusion detection as monitoring events in a system or network for signs of possible incidents, and says intrusion prevention systems can also try to stop them. CISA says firewalls shield computers and networks from malicious or unnecessary traffic, while NIST says cryptography is used to protect sensitive digitized information during transmission and while in storage. In other words: the modern office traded one locked box for a whole stack of digital locks, alarms, and panic buttons.

    Of course, the modern setup has its own virtues. Data can be backed up automatically, shared instantly, and protected with layered controls that the floppy-disk era never needed. NIST’s storage-encryption guidance still says organizations should physically secure devices and removable media, which is a polite way of saying: the box still matters, even when the box now lives in a server rack. Security did not become less important; it became more complicated, which is basically the same thing with extra meetings.

    So yes, a locked plastic box full of floppies could be safer than a badly configured internet-facing system. But that is not because the past was wiser. It is because the past had fewer doors, fewer windows, and fewer strangers trying every handle on the planet at once. Security has always been a trade-off between convenience and control; we just used to do the math with keys instead of passwords.

    Sources:
    Britannica — https://www.britannica.com/technology/floppy-disk
    Pew Research Center — https://www.pewresearch.org/internet/2014/02/27/part-1-how-the-internet-has-woven-itself-into-american-life/
    NIST SP 800-94 — https://csrc.nist.gov/pubs/sp/800/94/final
    CISA firewalls — https://www.cisa.gov/news-events/news/understanding-firewalls-home-and-small-office-use
    NIST SP 800-175B Rev. 1 — https://csrc.nist.gov/pubs/sp/800/175/b/r1/final
    NIST SP 800-111 — https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-111.pdf
    Wikimedia Commons image page — https://commons.wikimedia.org/wiki/File:Floppy_Disk_HD.jpg

    The Thisclaimer logo blends a classic warning symbol with a brain icon to represent critical thinking, curiosity, and thoughtful disclaimers. #cybersecurity #dataSecurity #encryption #firewalls #floppyDisks #internet #internetHistory #intrusionDetection #officeHistory #openSource #physicalSecurity #techNostalgia #technology #ubuntu #wordpress
  15. Why a Locked Floppy Disk Could Be Safer Than a Modern Network

    Photo by CCDBarcodeScanner, licensed CC BY-SA 4.0 via Wikimedia Commons.

    Dear Cherubs, in the 1990s, office security had the elegance of a locked drawer and the threat model of a very determined coat thief. Floppy disks were the workhorses of the era, and Britannica notes they were popular from the 1970s until the late 1990s, made of flexible plastic coated with magnetic material. Before the internet became an everyday business utility, many workplaces were still mostly offline; Pew Research found that in 1995 only 14% of U.S. adults had internet access, and 42% had never heard of it.

    THE LOCKED-BOX LOGIC

    If your payroll files, drafts, and backups lived on removable media, the cleanest security move was physical control. Put the disks in a cabinet, lock the cabinet, and hope nobody on the third floor had a master key and a curious streak. It was a blunt system, but it worked because access was local, slow, and obvious. If someone needed a copy, they usually had to walk over, ask, sign something, and maybe endure a suspicious look from whoever guarded the supply room.

    That is the part people forget when they romanticize the old days. The security was not magical; the attack surface was just tiny. To steal the data, someone usually had to be in the building, or at least within arm’s reach of the media. Annoyingly low-tech, yes. Also annoyingly effective.

    MODERN SECURITY, NEW PROBLEMS

    Once files moved onto networks and cloud systems, the game changed. NIST defines intrusion detection as monitoring events in a system or network for signs of possible incidents, and says intrusion prevention systems can also try to stop them. CISA says firewalls shield computers and networks from malicious or unnecessary traffic, while NIST says cryptography is used to protect sensitive digitized information during transmission and while in storage. In other words: the modern office traded one locked box for a whole stack of digital locks, alarms, and panic buttons.

    Of course, the modern setup has its own virtues. Data can be backed up automatically, shared instantly, and protected with layered controls that the floppy-disk era never needed. NIST’s storage-encryption guidance still says organizations should physically secure devices and removable media, which is a polite way of saying: the box still matters, even when the box now lives in a server rack. Security did not become less important; it became more complicated, which is basically the same thing with extra meetings.

    So yes, a locked plastic box full of floppies could be safer than a badly configured internet-facing system. But that is not because the past was wiser. It is because the past had fewer doors, fewer windows, and fewer strangers trying every handle on the planet at once. Security has always been a trade-off between convenience and control; we just used to do the math with keys instead of passwords.

    Sources:
    Britannica — https://www.britannica.com/technology/floppy-disk
    Pew Research Center — https://www.pewresearch.org/internet/2014/02/27/part-1-how-the-internet-has-woven-itself-into-american-life/
    NIST SP 800-94 — https://csrc.nist.gov/pubs/sp/800/94/final
    CISA firewalls — https://www.cisa.gov/news-events/news/understanding-firewalls-home-and-small-office-use
    NIST SP 800-175B Rev. 1 — https://csrc.nist.gov/pubs/sp/800/175/b/r1/final
    NIST SP 800-111 — https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-111.pdf
    Wikimedia Commons image page — https://commons.wikimedia.org/wiki/File:Floppy_Disk_HD.jpg

    The Thisclaimer logo blends a classic warning symbol with a brain icon to represent critical thinking, curiosity, and thoughtful disclaimers. #cybersecurity #dataSecurity #encryption #firewalls #floppyDisks #internet #internetHistory #intrusionDetection #officeHistory #openSource #physicalSecurity #techNostalgia #technology #ubuntu #wordpress
  16. Why a Locked Floppy Disk Could Be Safer Than a Modern Network

    Photo by CCDBarcodeScanner, licensed CC BY-SA 4.0 via Wikimedia Commons.

    Dear Cherubs, in the 1990s, office security had the elegance of a locked drawer and the threat model of a very determined coat thief. Floppy disks were the workhorses of the era, and Britannica notes they were popular from the 1970s until the late 1990s, made of flexible plastic coated with magnetic material. Before the internet became an everyday business utility, many workplaces were still mostly offline; Pew Research found that in 1995 only 14% of U.S. adults had internet access, and 42% had never heard of it.

    THE LOCKED-BOX LOGIC

    If your payroll files, drafts, and backups lived on removable media, the cleanest security move was physical control. Put the disks in a cabinet, lock the cabinet, and hope nobody on the third floor had a master key and a curious streak. It was a blunt system, but it worked because access was local, slow, and obvious. If someone needed a copy, they usually had to walk over, ask, sign something, and maybe endure a suspicious look from whoever guarded the supply room.

    That is the part people forget when they romanticize the old days. The security was not magical; the attack surface was just tiny. To steal the data, someone usually had to be in the building, or at least within arm’s reach of the media. Annoyingly low-tech, yes. Also annoyingly effective.

    MODERN SECURITY, NEW PROBLEMS

    Once files moved onto networks and cloud systems, the game changed. NIST defines intrusion detection as monitoring events in a system or network for signs of possible incidents, and says intrusion prevention systems can also try to stop them. CISA says firewalls shield computers and networks from malicious or unnecessary traffic, while NIST says cryptography is used to protect sensitive digitized information during transmission and while in storage. In other words: the modern office traded one locked box for a whole stack of digital locks, alarms, and panic buttons.

    Of course, the modern setup has its own virtues. Data can be backed up automatically, shared instantly, and protected with layered controls that the floppy-disk era never needed. NIST’s storage-encryption guidance still says organizations should physically secure devices and removable media, which is a polite way of saying: the box still matters, even when the box now lives in a server rack. Security did not become less important; it became more complicated, which is basically the same thing with extra meetings.

    So yes, a locked plastic box full of floppies could be safer than a badly configured internet-facing system. But that is not because the past was wiser. It is because the past had fewer doors, fewer windows, and fewer strangers trying every handle on the planet at once. Security has always been a trade-off between convenience and control; we just used to do the math with keys instead of passwords.

    Sources:
    Britannica — https://www.britannica.com/technology/floppy-disk
    Pew Research Center — https://www.pewresearch.org/internet/2014/02/27/part-1-how-the-internet-has-woven-itself-into-american-life/
    NIST SP 800-94 — https://csrc.nist.gov/pubs/sp/800/94/final
    CISA firewalls — https://www.cisa.gov/news-events/news/understanding-firewalls-home-and-small-office-use
    NIST SP 800-175B Rev. 1 — https://csrc.nist.gov/pubs/sp/800/175/b/r1/final
    NIST SP 800-111 — https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-111.pdf
    Wikimedia Commons image page — https://commons.wikimedia.org/wiki/File:Floppy_Disk_HD.jpg

    The Thisclaimer logo blends a classic warning symbol with a brain icon to represent critical thinking, curiosity, and thoughtful disclaimers. #cybersecurity #dataSecurity #encryption #firewalls #floppyDisks #internet #internetHistory #intrusionDetection #officeHistory #openSource #physicalSecurity #techNostalgia #technology #ubuntu #wordpress
  17. Why a Locked Floppy Disk Could Be Safer Than a Modern Network

    Photo by CCDBarcodeScanner, licensed CC BY-SA 4.0 via Wikimedia Commons.

    Dear Cherubs, in the 1990s, office security had the elegance of a locked drawer and the threat model of a very determined coat thief. Floppy disks were the workhorses of the era, and Britannica notes they were popular from the 1970s until the late 1990s, made of flexible plastic coated with magnetic material. Before the internet became an everyday business utility, many workplaces were still mostly offline; Pew Research found that in 1995 only 14% of U.S. adults had internet access, and 42% had never heard of it.

    THE LOCKED-BOX LOGIC

    If your payroll files, drafts, and backups lived on removable media, the cleanest security move was physical control. Put the disks in a cabinet, lock the cabinet, and hope nobody on the third floor had a master key and a curious streak. It was a blunt system, but it worked because access was local, slow, and obvious. If someone needed a copy, they usually had to walk over, ask, sign something, and maybe endure a suspicious look from whoever guarded the supply room.

    That is the part people forget when they romanticize the old days. The security was not magical; the attack surface was just tiny. To steal the data, someone usually had to be in the building, or at least within arm’s reach of the media. Annoyingly low-tech, yes. Also annoyingly effective.

    MODERN SECURITY, NEW PROBLEMS

    Once files moved onto networks and cloud systems, the game changed. NIST defines intrusion detection as monitoring events in a system or network for signs of possible incidents, and says intrusion prevention systems can also try to stop them. CISA says firewalls shield computers and networks from malicious or unnecessary traffic, while NIST says cryptography is used to protect sensitive digitized information during transmission and while in storage. In other words: the modern office traded one locked box for a whole stack of digital locks, alarms, and panic buttons.

    Of course, the modern setup has its own virtues. Data can be backed up automatically, shared instantly, and protected with layered controls that the floppy-disk era never needed. NIST’s storage-encryption guidance still says organizations should physically secure devices and removable media, which is a polite way of saying: the box still matters, even when the box now lives in a server rack. Security did not become less important; it became more complicated, which is basically the same thing with extra meetings.

    So yes, a locked plastic box full of floppies could be safer than a badly configured internet-facing system. But that is not because the past was wiser. It is because the past had fewer doors, fewer windows, and fewer strangers trying every handle on the planet at once. Security has always been a trade-off between convenience and control; we just used to do the math with keys instead of passwords.

    Sources:
    Britannica — https://www.britannica.com/technology/floppy-disk
    Pew Research Center — https://www.pewresearch.org/internet/2014/02/27/part-1-how-the-internet-has-woven-itself-into-american-life/
    NIST SP 800-94 — https://csrc.nist.gov/pubs/sp/800/94/final
    CISA firewalls — https://www.cisa.gov/news-events/news/understanding-firewalls-home-and-small-office-use
    NIST SP 800-175B Rev. 1 — https://csrc.nist.gov/pubs/sp/800/175/b/r1/final
    NIST SP 800-111 — https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-111.pdf
    Wikimedia Commons image page — https://commons.wikimedia.org/wiki/File:Floppy_Disk_HD.jpg

    The Thisclaimer logo blends a classic warning symbol with a brain icon to represent critical thinking, curiosity, and thoughtful disclaimers. #cybersecurity #dataSecurity #encryption #firewalls #floppyDisks #internet #internetHistory #intrusionDetection #officeHistory #openSource #physicalSecurity #techNostalgia #technology #ubuntu #wordpress
  18. Why a Locked Floppy Disk Could Be Safer Than a Modern Network

    Photo by CCDBarcodeScanner, licensed CC BY-SA 4.0 via Wikimedia Commons.

    Dear Cherubs, in the 1990s, office security had the elegance of a locked drawer and the threat model of a very determined coat thief. Floppy disks were the workhorses of the era, and Britannica notes they were popular from the 1970s until the late 1990s, made of flexible plastic coated with magnetic material. Before the internet became an everyday business utility, many workplaces were still mostly offline; Pew Research found that in 1995 only 14% of U.S. adults had internet access, and 42% had never heard of it.

    THE LOCKED-BOX LOGIC

    If your payroll files, drafts, and backups lived on removable media, the cleanest security move was physical control. Put the disks in a cabinet, lock the cabinet, and hope nobody on the third floor had a master key and a curious streak. It was a blunt system, but it worked because access was local, slow, and obvious. If someone needed a copy, they usually had to walk over, ask, sign something, and maybe endure a suspicious look from whoever guarded the supply room.

    That is the part people forget when they romanticize the old days. The security was not magical; the attack surface was just tiny. To steal the data, someone usually had to be in the building, or at least within arm’s reach of the media. Annoyingly low-tech, yes. Also annoyingly effective.

    MODERN SECURITY, NEW PROBLEMS

    Once files moved onto networks and cloud systems, the game changed. NIST defines intrusion detection as monitoring events in a system or network for signs of possible incidents, and says intrusion prevention systems can also try to stop them. CISA says firewalls shield computers and networks from malicious or unnecessary traffic, while NIST says cryptography is used to protect sensitive digitized information during transmission and while in storage. In other words: the modern office traded one locked box for a whole stack of digital locks, alarms, and panic buttons.

    Of course, the modern setup has its own virtues. Data can be backed up automatically, shared instantly, and protected with layered controls that the floppy-disk era never needed. NIST’s storage-encryption guidance still says organizations should physically secure devices and removable media, which is a polite way of saying: the box still matters, even when the box now lives in a server rack. Security did not become less important; it became more complicated, which is basically the same thing with extra meetings.

    So yes, a locked plastic box full of floppies could be safer than a badly configured internet-facing system. But that is not because the past was wiser. It is because the past had fewer doors, fewer windows, and fewer strangers trying every handle on the planet at once. Security has always been a trade-off between convenience and control; we just used to do the math with keys instead of passwords.

    Sources:
    Britannica — https://www.britannica.com/technology/floppy-disk
    Pew Research Center — https://www.pewresearch.org/internet/2014/02/27/part-1-how-the-internet-has-woven-itself-into-american-life/
    NIST SP 800-94 — https://csrc.nist.gov/pubs/sp/800/94/final
    CISA firewalls — https://www.cisa.gov/news-events/news/understanding-firewalls-home-and-small-office-use
    NIST SP 800-175B Rev. 1 — https://csrc.nist.gov/pubs/sp/800/175/b/r1/final
    NIST SP 800-111 — https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-111.pdf
    Wikimedia Commons image page — https://commons.wikimedia.org/wiki/File:Floppy_Disk_HD.jpg

    The Thisclaimer logo blends a classic warning symbol with a brain icon to represent critical thinking, curiosity, and thoughtful disclaimers. #cybersecurity #dataSecurity #encryption #firewalls #floppyDisks #internet #internetHistory #intrusionDetection #officeHistory #openSource #physicalSecurity #techNostalgia #technology #ubuntu #wordpress
  19. Little Snitch, the macOS network tool, is now available on Linux

    “Little Snitch for Linux is written in Rust and uses eBPF for kernel-level traffic interception (this lets sandboxed code run inside the Linux kernel without modifying it). The tool shows processes on your machine making network connections, and giv ...continues

    See gadgeteer.co.za/little-snitch-

    #firewalls #linux #security #technology

  20. Blocking Bad Bots With AbuseIPD Blacklist

    Sean Conner at The Boston Diaries wrote about trying to block annoying and/or malicious bots from crawling his website. It is a good read. Beginning in late 2024, I started noticing The New Leaf Journal going down periodically. The server logs suggested that it was being overrun by bots and crawlers. I tried various methods to ensure that NLJ would be up all the time, including fiddling with Apache configs and my .htaccess file. I stumbled upon the "solution" (for now, at least) in late […]

    social.emucafe.org/naferrell/b

  21. #Google says half of all #zerodays it tracked in #2025 targeted buggy #enterprise tech
    Google said security and networking devices, #firewalls, #VPN and #virtualization platforms like Ivanti and VMware, were among targetes last year. All four of the companies said hackers have exploited their products on customer networks in recent months.
    The remaining 52% of #zeroday bugs were found in consumer and end-user products, such as those made by Microsoft, Google, and Apple
    techcrunch.com/2026/03/05/goog

  22. ayuda #fediverso #redes #seguridad #firewalls

    estoy montando un #cluster #proxmox #hibrido un nodo en casa otro en la #nube

    tengo muy poca puta idea de firewalls. hasta la fecha, ponia uno en el edge, que bloqueara todo lo feo, y adentro, todo abierto. y aparte de eso, el concepto de un firewall cliente, un firewall servidor

    pero me estoy liando que flipas con proxmox. uno a nivel de datacenter. uno a nivel de nodo. uno a nivel de contenedor e incluso puedes activar desactivar por cada tarjeta de red? me estoy volviendo loco. tengo entendido, muy a grandes rasgos que: desde lo mas exterior, hay que bloquear todo salvo los puertos web y VPN. desde lo mas cercano: el contenedor, bloquear todo salvo la actividad de la aplicacion en si, sea la que sea. y en medio, capas inter nodo: la comunicacion entre nodo y contenedores. pero seguramente haya formas mas precisas y correctas de hacerlo. he estudiado esto... un par de horas ayer. no exagero.

    me puede alguien ayudar por favor, en guiarme en lograr lo siguiente?

    quiero que el cluster pueda comunicar de forma interna (vpn) y externa, exponiendo por netbird.

    pensaba tener una vlan 10.0.10.1/24 para interno y 10.0.20.1/24 para exponer

    la idea es que la comunicacion interna sea mas laxa, y que al contrario la 20 sea full estricta

    en el nodo nube, solo tengo una tarjeta fisica de red con una ip publica.

    por ahora lo que tengo hecho es hacer un bridge vlan aware, y de ahi 3 vlans (quiero una para netbird y otra para tailscale. por si se cae una, no quedarme fuera)

    tengo forward NAT de la ip publica al bridge

    cuando literal, no tengo internet en los contenedores... en el mejor de los casos, no son accesibles los puertos que quiero, el 80 y 443, para desplegar netbird.

    y ahi estoy bloqueado.
    no hay puta forma de pasar de ese tercer pantallazo.

    @t3rr0rz0n3 @z3r0

    que estoy haciendo mal? seguramente de mucho a todo. como dije, hasta ahora mis redes eran muy.... libres. y es literal mi primer cluster hibrido y la primera vez que trasteo con vlans.

    se agradece mucho #boost

  23. ayuda #fediverso #redes #seguridad #firewalls

    estoy montando un #cluster #proxmox #hibrido un nodo en casa otro en la #nube

    tengo muy poca puta idea de firewalls. hasta la fecha, ponia uno en el edge, que bloqueara todo lo feo, y adentro, todo abierto. y aparte de eso, el concepto de un firewall cliente, un firewall servidor

    pero me estoy liando que flipas con proxmox. uno a nivel de datacenter. uno a nivel de nodo. uno a nivel de contenedor e incluso puedes activar desactivar por cada tarjeta de red? me estoy volviendo loco. tengo entendido, muy a grandes rasgos que: desde lo mas exterior, hay que bloquear todo salvo los puertos web y VPN. desde lo mas cercano: el contenedor, bloquear todo salvo la actividad de la aplicacion en si, sea la que sea. y en medio, capas inter nodo: la comunicacion entre nodo y contenedores. pero seguramente haya formas mas precisas y correctas de hacerlo. he estudiado esto... un par de horas ayer. no exagero.

    me puede alguien ayudar por favor, en guiarme en lograr lo siguiente?

    quiero que el cluster pueda comunicar de forma interna (vpn) y externa, exponiendo por netbird.

    pensaba tener una vlan 10.0.10.1/24 para interno y 10.0.20.1/24 para exponer

    la idea es que la comunicacion interna sea mas laxa, y que al contrario la 20 sea full estricta

    en el nodo nube, solo tengo una tarjeta fisica de red con una ip publica.

    por ahora lo que tengo hecho es hacer un bridge vlan aware, y de ahi 3 vlans (quiero una para netbird y otra para tailscale. por si se cae una, no quedarme fuera)

    tengo forward NAT de la ip publica al bridge

    cuando literal, no tengo internet en los contenedores... en el mejor de los casos, no son accesibles los puertos que quiero, el 80 y 443, para desplegar netbird.

    y ahi estoy bloqueado.
    no hay puta forma de pasar de ese tercer pantallazo.

    @t3rr0rz0n3 @z3r0

    que estoy haciendo mal? seguramente de mucho a todo. como dije, hasta ahora mis redes eran muy.... libres. y es literal mi primer cluster hibrido y la primera vez que trasteo con vlans.

    se agradece mucho #boost

  24. ayuda #fediverso #redes #seguridad #firewalls

    estoy montando un #cluster #proxmox #hibrido un nodo en casa otro en la #nube

    tengo muy poca puta idea de firewalls. hasta la fecha, ponia uno en el edge, que bloqueara todo lo feo, y adentro, todo abierto. y aparte de eso, el concepto de un firewall cliente, un firewall servidor

    pero me estoy liando que flipas con proxmox. uno a nivel de datacenter. uno a nivel de nodo. uno a nivel de contenedor e incluso puedes activar desactivar por cada tarjeta de red? me estoy volviendo loco. tengo entendido, muy a grandes rasgos que: desde lo mas exterior, hay que bloquear todo salvo los puertos web y VPN. desde lo mas cercano: el contenedor, bloquear todo salvo la actividad de la aplicacion en si, sea la que sea. y en medio, capas inter nodo: la comunicacion entre nodo y contenedores. pero seguramente haya formas mas precisas y correctas de hacerlo. he estudiado esto... un par de horas ayer. no exagero.

    me puede alguien ayudar por favor, en guiarme en lograr lo siguiente?

    quiero que el cluster pueda comunicar de forma interna (vpn) y externa, exponiendo por netbird.

    pensaba tener una vlan 10.0.10.1/24 para interno y 10.0.20.1/24 para exponer

    la idea es que la comunicacion interna sea mas laxa, y que al contrario la 20 sea full estricta

    en el nodo nube, solo tengo una tarjeta fisica de red con una ip publica.

    por ahora lo que tengo hecho es hacer un bridge vlan aware, y de ahi 3 vlans (quiero una para netbird y otra para tailscale. por si se cae una, no quedarme fuera)

    tengo forward NAT de la ip publica al bridge

    cuando literal, no tengo internet en los contenedores... en el mejor de los casos, no son accesibles los puertos que quiero, el 80 y 443, para desplegar netbird.

    y ahi estoy bloqueado.
    no hay puta forma de pasar de ese tercer pantallazo.

    @t3rr0rz0n3 @z3r0

    que estoy haciendo mal? seguramente de mucho a todo. como dije, hasta ahora mis redes eran muy.... libres. y es literal mi primer cluster hibrido y la primera vez que trasteo con vlans.

    se agradece mucho #boost

  25. ayuda #fediverso #redes #seguridad #firewalls

    estoy montando un #cluster #proxmox #hibrido un nodo en casa otro en la #nube

    tengo muy poca puta idea de firewalls. hasta la fecha, ponia uno en el edge, que bloqueara todo lo feo, y adentro, todo abierto. y aparte de eso, el concepto de un firewall cliente, un firewall servidor

    pero me estoy liando que flipas con proxmox. uno a nivel de datacenter. uno a nivel de nodo. uno a nivel de contenedor e incluso puedes activar desactivar por cada tarjeta de red? me estoy volviendo loco. tengo entendido, muy a grandes rasgos que: desde lo mas exterior, hay que bloquear todo salvo los puertos web y VPN. desde lo mas cercano: el contenedor, bloquear todo salvo la actividad de la aplicacion en si, sea la que sea. y en medio, capas inter nodo: la comunicacion entre nodo y contenedores. pero seguramente haya formas mas precisas y correctas de hacerlo. he estudiado esto... un par de horas ayer. no exagero.

    me puede alguien ayudar por favor, en guiarme en lograr lo siguiente?

    quiero que el cluster pueda comunicar de forma interna (vpn) y externa, exponiendo por netbird.

    pensaba tener una vlan 10.0.10.1/24 para interno y 10.0.20.1/24 para exponer

    la idea es que la comunicacion interna sea mas laxa, y que al contrario la 20 sea full estricta

    en el nodo nube, solo tengo una tarjeta fisica de red con una ip publica.

    por ahora lo que tengo hecho es hacer un bridge vlan aware, y de ahi 3 vlans (quiero una para netbird y otra para tailscale. por si se cae una, no quedarme fuera)

    tengo forward NAT de la ip publica al bridge

    cuando literal, no tengo internet en los contenedores... en el mejor de los casos, no son accesibles los puertos que quiero, el 80 y 443, para desplegar netbird.

    y ahi estoy bloqueado.
    no hay puta forma de pasar de ese tercer pantallazo.

    @t3rr0rz0n3 @z3r0

    que estoy haciendo mal? seguramente de mucho a todo. como dije, hasta ahora mis redes eran muy.... libres. y es literal mi primer cluster hibrido y la primera vez que trasteo con vlans.

    se agradece mucho #boost

  26. ayuda #fediverso #redes #seguridad #firewalls

    estoy montando un #cluster #proxmox #hibrido un nodo en casa otro en la #nube

    tengo muy poca puta idea de firewalls. hasta la fecha, ponia uno en el edge, que bloqueara todo lo feo, y adentro, todo abierto. y aparte de eso, el concepto de un firewall cliente, un firewall servidor

    pero me estoy liando que flipas con proxmox. uno a nivel de datacenter. uno a nivel de nodo. uno a nivel de contenedor e incluso puedes activar desactivar por cada tarjeta de red? me estoy volviendo loco. tengo entendido, muy a grandes rasgos que: desde lo mas exterior, hay que bloquear todo salvo los puertos web y VPN. desde lo mas cercano: el contenedor, bloquear todo salvo la actividad de la aplicacion en si, sea la que sea. y en medio, capas inter nodo: la comunicacion entre nodo y contenedores. pero seguramente haya formas mas precisas y correctas de hacerlo. he estudiado esto... un par de horas ayer. no exagero.

    me puede alguien ayudar por favor, en guiarme en lograr lo siguiente?

    quiero que el cluster pueda comunicar de forma interna (vpn) y externa, exponiendo por netbird.

    pensaba tener una vlan 10.0.10.1/24 para interno y 10.0.20.1/24 para exponer

    la idea es que la comunicacion interna sea mas laxa, y que al contrario la 20 sea full estricta

    en el nodo nube, solo tengo una tarjeta fisica de red con una ip publica.

    por ahora lo que tengo hecho es hacer un bridge vlan aware, y de ahi 3 vlans (quiero una para netbird y otra para tailscale. por si se cae una, no quedarme fuera)

    tengo forward NAT de la ip publica al bridge

    cuando literal, no tengo internet en los contenedores... en el mejor de los casos, no son accesibles los puertos que quiero, el 80 y 443, para desplegar netbird.

    y ahi estoy bloqueado.
    no hay puta forma de pasar de ese tercer pantallazo.

    @t3rr0rz0n3 @z3r0

    que estoy haciendo mal? seguramente de mucho a todo. como dije, hasta ahora mis redes eran muy.... libres. y es literal mi primer cluster hibrido y la primera vez que trasteo con vlans.

    se agradece mucho #boost

  27. Blocking Empty UA Outside of Feed Requests

    I wanted to add an htaccess rule to NLJ blocking requests from empty user agents (and "-" user agengs). I looked into the best way to do it and found a 2017 answer on Stack Overflow. This solution is interesting because it explicitly allows requests to the site's feed. While I have not noticed empty user agent requests for our feeds, there are many niche feed readers out there, so I went with a modified version of this snippet to be on the safe side.

    social.emucafe.org/naferrell/b

  28. Using Cloudron’s IP Firewall

    This site is hosted on the same server as The New Leaf Journal, and I use Cloudron to manage the server. Beginning around early spring last year, The New Leaf Journal began to crash once every few days when Cloudron health checks failed (I have not had any similar issues with this site, which is much lower traffic). I attributed the problems to bot traffic, and I think I was correct to do so. I tried many fixes, some of which worked for a time before the downtime problems returned. After […]

    social.emucafe.org/naferrell/u

  29. @distrowatch I faced ddos from all sorts of bots couple of months back when I started with a search engine. I ended up blocking 10K or so bots. If you want you can use it for your blocking/iptables/firewall: git.flossboxin.org.in/vdbhb59/

    There maybe few false positives which I can delete if I am made aware of.
    Hope it will help. #botsblocking #hosts #firewalls

  30. FreeBSD's networking is incredibly powerful.
    Today I found out about pfil and pfilctl and thought “sweet, now I can run ipfw and pf at the same time” but the experts say don’t do that.
    It seems the idea is that you can e.g. hook the firewall directly on the network interface to speed up dropping packets or to e.g. hook only the firewall input into the network stack if you only want to filter on input.
    Right now I don’t have a use for this, but it’s good to know

    #FreeBSD #networking #firewalls

  31. Oh, look! 😲 Yet another "innovative" solution to trick your way past #firewalls by dressing up your traffic in a fedora and trench coat of SMTP emails. Because clearly, the best way to sneak past #security is to pretend you're still living in the '90s when #email was the ultimate cloak of invisibility. 🕵️‍♂️📧
    github.com/x011/smtp-tunnel-pr #innovative #solutions #bypassing #vintage #tech #cloakofinvisibility #HackerNews #ngated

  32. The President of the Central Association of German Crafts, Jörg Dittrich, has cautioned against allowing the burgeoning debate surrounding a "firewall" against... news.osna.fm/?p=24851 | #news #amid #concerns #crafts #firewalls

  33. 🚫 Oh, the irony! In a riveting twist, our tech wizards decided to jump ship from #OpenBSD to #FreeBSD for firewalls—only to lock themselves out of their own blog post. 🔒 Maybe next time, consider #permissions before making grand announcements? 🤦‍♂️
    utcc.utoronto.ca/~cks/space/bl #firewalls #techhumor #irony #HackerNews #ngated