#firewalls — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #firewalls, aggregated by home.social.
-
Reachable everywhere via SSH with TOR
https://friendica.ambag.es/display/e0590d38-326a-0309-882d-75d721244053
-
The dshield.org blocklist is probably one of the most useful IP blocklists I have used over the years. Digital Ocean and OVH IP ranges used to feature prominently. It seems that Google Cloud and Hurricane Electric have taken over lately.
See https://isc.sans.edu/feeds/block.txt and also the Internet Storm Center https://isc.sans.edu/index.html
-
Playing with Kathará to emulate TCP/IP networks! 🚀
Kathará is the "spiritual" successor of the old Netkit / UML (User-Mode Linux)... I remember using it in a live distro called Knoppix (today with a different purpose).
It looks very interesting to bring into my classes!
I will probably make some content about this 🙂
More info: https://www.kathara.org/
#uml #netkit #gnu #linux #docker #networking #networkemulation #kathara #tcpip #firewalls #iptables #nftables
-
Why a Locked Floppy Disk Could Be Safer Than a Modern Network
Photo by CCDBarcodeScanner, licensed CC BY-SA 4.0 via Wikimedia Commons.
Dear Cherubs, in the 1990s, office security had the elegance of a locked drawer and the threat model of a very determined coat thief. Floppy disks were the workhorses of the era, and Britannica notes they were popular from the 1970s until the late 1990s, made of flexible plastic coated with magnetic material. Before the internet became an everyday business utility, many workplaces were still mostly offline; Pew Research found that in 1995 only 14% of U.S. adults had internet access, and 42% had never heard of it.
THE LOCKED-BOX LOGIC
If your payroll files, drafts, and backups lived on removable media, the cleanest security move was physical control. Put the disks in a cabinet, lock the cabinet, and hope nobody on the third floor had a master key and a curious streak. It was a blunt system, but it worked because access was local, slow, and obvious. If someone needed a copy, they usually had to walk over, ask, sign something, and maybe endure a suspicious look from whoever guarded the supply room.
That is the part people forget when they romanticize the old days. The security was not magical; the attack surface was just tiny. To steal the data, someone usually had to be in the building, or at least within arm’s reach of the media. Annoyingly low-tech, yes. Also annoyingly effective.
MODERN SECURITY, NEW PROBLEMS
Once files moved onto networks and cloud systems, the game changed. NIST defines intrusion detection as monitoring events in a system or network for signs of possible incidents, and says intrusion prevention systems can also try to stop them. CISA says firewalls shield computers and networks from malicious or unnecessary traffic, while NIST says cryptography is used to protect sensitive digitized information during transmission and while in storage. In other words: the modern office traded one locked box for a whole stack of digital locks, alarms, and panic buttons.
Of course, the modern setup has its own virtues. Data can be backed up automatically, shared instantly, and protected with layered controls that the floppy-disk era never needed. NIST’s storage-encryption guidance still says organizations should physically secure devices and removable media, which is a polite way of saying: the box still matters, even when the box now lives in a server rack. Security did not become less important; it became more complicated, which is basically the same thing with extra meetings.
So yes, a locked plastic box full of floppies could be safer than a badly configured internet-facing system. But that is not because the past was wiser. It is because the past had fewer doors, fewer windows, and fewer strangers trying every handle on the planet at once. Security has always been a trade-off between convenience and control; we just used to do the math with keys instead of passwords.
#cybersecurity #dataSecurity #encryption #firewalls #floppyDisks #internet #internetHistory #intrusionDetection #officeHistory #openSource #physicalSecurity #techNostalgia #technology #ubuntu #wordpress
Sources:
Britannica — https://www.britannica.com/technology/floppy-disk
Pew Research Center — https://www.pewresearch.org/internet/2014/02/27/part-1-how-the-internet-has-woven-itself-into-american-life/
NIST SP 800-94 — https://csrc.nist.gov/pubs/sp/800/94/final
CISA firewalls — https://www.cisa.gov/news-events/news/understanding-firewalls-home-and-small-office-use
NIST SP 800-175B Rev. 1 — https://csrc.nist.gov/pubs/sp/800/175/b/r1/final
NIST SP 800-111 — https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-111.pdf
Wikimedia Commons image page — https://commons.wikimedia.org/wiki/File:Floppy_Disk_HD.jpg
-
#Google says half of all #zerodays it tracked in #2025 targeted buggy #enterprise tech
Google said security and networking devices, #firewalls, #VPN and #virtualization platforms like Ivanti and VMware, were among targets last year. All four of the companies said hackers have exploited their products on customer networks in recent months.
The remaining 52% of #zeroday bugs were found in consumer and end-user products, such as those made by Microsoft, Google, and Apple
https://techcrunch.com/2026/03/05/google-says-half-of-all-zero-days-it-tracked-in-2025-targeted-buggy-enterprise-tech/
-
Help #fediverso #redes #seguridad #firewalls
I'm setting up a hybrid #cluster #proxmox #hibrido, one node at home and another in the cloud (#nube).
I have damn little idea about firewalls. Until now, I would put one at the edge to block all the nasty stuff, and inside, everything open. And apart from that, the concept of a client firewall, a server firewall.
But I'm getting hopelessly tangled up with Proxmox. One at the datacenter level. One at the node level. One at the container level, and you can even enable or disable it per network card? I'm going crazy. My understanding, very roughly, is: from the outermost layer, block everything except the web and VPN ports. From the closest layer, the container, block everything except the activity of the application itself, whatever it is. And in between, inter-node layers: the communication between node and containers. But there are surely more precise and correct ways to do it. I have studied this for... a couple of hours yesterday. I'm not exaggerating.
Can someone please help guide me in achieving the following?
I want the cluster to be able to communicate internally (VPN) and externally, exposing through netbird.
I was thinking of having a VLAN 10.0.10.1/24 for internal and 10.0.20.1/24 for exposing.
The idea is for internal communication to be more lax, and for the 20 one, by contrast, to be fully strict.
On the cloud node, I only have one physical network card with one public IP.
For now, what I have done is create a VLAN-aware bridge, and from there 3 VLANs (I want one for netbird and another for tailscale, so that if one goes down I don't get locked out).
I have forward NAT from the public IP to the bridge.
When I literally have no internet in the containers... in the best case, the ports I want, 80 and 443, are not accessible for deploying netbird.
And that's where I'm stuck.
There is no damn way to get past that third screenshot. What am I doing wrong? Probably anywhere from a lot to everything. As I said, until now my networks were very... free. And this is literally my first hybrid cluster and the first time I'm tinkering with VLANs.
A #boost is much appreciated
-
Oh, I suppose I have been slacking and not telling you that if you order The Book of PF, 4th ed https://nostarch.com/book-of-pf-4th-edition now, you will get the *final version* ebook (print is still in progress) #bookofpf #openbsd #freebsd #networking #firewalls #pf #networktrickery #freesoftware #libresoftware @nostarch
Also see https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html
-
@distrowatch I faced DDoS from all sorts of bots a couple of months back when I started with a search engine. I ended up blocking 10K or so bots. If you want, you can use it for your blocking/iptables/firewall: https://git.flossboxin.org.in/vdbhb59/hosts/src/branch/main/bots.txt
There may be a few false positives, which I can delete if I am made aware of them.
Hope it will help. #botsblocking #hosts #firewalls
-
Oh, look! 😲 Yet another "innovative" solution to trick your way past #firewalls by dressing up your traffic in a fedora and trench coat of SMTP emails. Because clearly, the best way to sneak past #security is to pretend you're still living in the '90s when #email was the ultimate cloak of invisibility. 🕵️♂️📧
https://github.com/x011/smtp-tunnel-proxy #innovative #solutions #bypassing #vintage #tech #cloakofinvisibility #HackerNews #ngated
-
Long rumored and eagerly anticipated by some, the fourth edition of The Book of PF is now available for preorder
More: https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html (https://bsdly.blogspot.com/2025/07/yes-book-of-pf-4th-edition-is-coming.html), https://nostarch.com/book-of-pf-4th-edition @nostarch #openbsd #freebsd #pf #networking #bookofpf #freesoftware #firewalls
The actual printing has started, I hear
-
https://www.europesays.com/ie/216368/ Attackers exploit ScreenConnect & Microsoft 365 for breaches #AdvancedPersistentThreatProtection #BarracudaNetworks #CyberAttacks #CyberThreat #Cybercrime #Cybersecurity #DataTheft #Éire #EmailSecurity #EnterpriseSecurity #Firewalls #IE #InsiderThreats #Ireland #Microsoft #Microsoft365 #MultiFactorAuthentication(MFA) #NetworkSecurity #Phishing #PowerShell #ransomware #RemoteAccess #Technology #ThreatIntelligence
-
🚫 Oh, the irony! In a riveting twist, our tech wizards decided to jump ship from #OpenBSD to #FreeBSD for firewalls—only to lock themselves out of their own blog post. 🔒 Maybe next time, consider #permissions before making grand announcements? 🤦‍♂️
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/OpenBSDToFreeBSDMove #firewalls #techhumor #irony #HackerNews #ngated
-
CISA alert: US agencies failed to patch critical flaws in Cisco firewalls and are under attack
🔗 https://tugatech.com.pt/t74264-alerta-da-cisa-agencias-dos-eua-falharam-a-correcao-de-falhas-criticas-em-firewalls-cisco-e-estao-a-ser-atacadas #ciberespionagem #cve #firewalls #internet #segurança #sem #soar #software #vpn #vulnerabilidades #web
-
Cisco alert: Serious flaws in ASA and FTD firewalls now used for DoS attacks that force reboots
🔗 https://tugatech.com.pt/t73993-alerta-cisco-falhas-graves-em-firewalls-asa-e-ftd-agora-usadas-para-ataques-dos-que-forcam-reboots #ataque #cve #firewall #firewalls #ios #linux #malware #microsoft #mundo #root #rootkit #segurança #sem #software #vulnerabilidade #vulnerabilidades
-
🎬 Editing week! 🎞️
🎧 Improving the audio of the classes for the new #nftables course from JuncoTIC.com!
✨ Always trying to deliver the best quality for our students 🙂
📤 And already starting to upload the classes to the platform 🚀
🔜 More launch news soon!
#gnu #linux #learning #juncotic #educacion #softwarelibre #opensource #freesoftware #sysadmin #devops #curso #networking #lpic #tcpip #wireshark #python #flask #ssh #iptables #scripting #bash #firewalls
-
Threat actors continue to exploit #vulnerabilities in #security appliances, such as #firewalls and #VPN concentrators, to gain initial access. Not only #zerodays disclosed in 2025, but also old vulnerabilities remediated years ago, but left unpatched
https://www.hackmageddon.com/2025/10/07/cves-targeting-remote-access-technologies-in-2025/
-
Garland Technology on safeguarding critical infrastructure https://www.byteseu.com/1400689/ #AdvancedPersistentThreatProtection #apac #ArtificialIntelligence(AI) #australian #BreachPrevention #CloudAnalytics #CriticalInfrastructure #CyberThreat #CyberAttacks #cybersecurity #DataAnalytics #DigitalInfrastructure #firewalls #india #IndustrialControlSystems #interview #ITDepartment #Japan #malaysia #NetworkSecurity #NetworkVisibility #singapore #Technology
-
Good morning! TZAG 👋 Have a nice Monday and a good week! ✨
I'm working with a "blank page" in #GNS3 to record new #nftables examples for the course 😄
I like how the project is evolving; I remember it used to give me a lot of trouble.
It offers a lot of possibilities for simulating networks and playing with #firewalls, traffic, #wireshark, #tcpdump, #ciberseguridad, #tunelling, #vpn...
I could put together a course on this; I think it would be useful to my students 🤔
-
🔥 Oh, look! Another "how-to" article that name-drops Kali Linux like it’s a celebrity at a tech conference. 📱🎩 Apparently, a step-by-step guide to #firewalls includes detours through #Instagram and a generous sprinkling of buzzwords. 🤯🔒
https://kalilinuxtutorials.com/how-firewall-works-step-by-step/ #howto #KaliLinux #techbuzz #cybersecurity #HackerNews #ngated
-
Behavioral firewalls are quietly taking over as the digital sentinels of modern cybersecurity architecture. Unlike traditional firewalls that act like bouncers blocking known threats at the gate, behavioral firewalls operate more like surveillance analysts — tracking, interpreting, and...
-
HIRING: Deputy Director, Physical & Cyber Security / San Jose, California
💰 USD 208K+👉 https://isecjobs.com/J882697/
#Analytics #Audits #CISA #CISM #CISO #CISSP #Clearance #Compliance #Firewalls #Incidentresponse #SanJose #CyberSec #security #VTA
-
🍲 Daemon Soup: The Cybersecurity Tiers of Small Businesses #cybersecurity, #smallbusiness, #digitaldefense, #DaemonSoup, #cybersecuritytiers, #businesssecurity, #passwordprotection, #employeetraining, #multifactorauthentication, #encryption, #penetrationtesting, #firewalls, #antivirus, #cybersecuritystrategy, #dataprotection, #securitybestpractices, #cyberthreats, #ITsecurity, #systemfortification, #cyberresilience, #threatdetection
-
HIRING: Deputy Director, Physical & Cyber Security / San Jose, California
💰 USD 208K+👉 https://isecjobs.com/J806992/
#Analytics #Audits #CISA #CISM #CISO #CISSP #Clearance #Compliance #Firewalls #Incidentresponse #VTA
-
US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack – Source: www.techrepublic.com https://ciso2ciso.com/us-sanctions-chinese-cybersecurity-firm-for-2020-ransomware-attack-source-www-techrepublic-com/ #rssfeedpostgeneratorecho #SecurityonTechRepublic #SecurityTechRepublic #CyberSecurityNews #dataexfiltration #vulnerabilities #sichuansilence #International #ransomware #firewalls #Security #Software #hacking #Sophos #China #USA
-
For those who don't know (which is most of you), this project has been the intense focus of my work, taking up a huge amount of my time, energy, and investigative effort for the past 14 months - while still helping others at Sophos publish their research; running an election campaign where I was a candidate for school board; speaking at Blue Hat, @defcon #Saintcon, #VirusBulletin and other conferences; guest lecturing to classes at CU Boulder; volunteering my time canvassing for political candidates; serving as a docent at the @mediaarchaeologylab; working as a poll worker during the current US election cycle; and starting up the Elect More Hackers (electmorehackers.com) organization.
Whew. It's actually kind of daunting just to read that. I also sometimes sleep and eat.
@SophosXOps has been, at its core, an institution that values radical transparency, and this story (and the earlier research investigations into the Operation Pacific Rim threat actors and incidents) demonstrates Sophos' commitment to truth and journalistic integrity, following a story wherever it leads.
I hope our publication today starts a larger conversation and collaboration within the cybersecurity industry - inside and outside the Cyber Threat Alliance, which Sophos actively supports and where I am proud to represent my employer - to work together to thwart the ambitions of nation-state threat actors such as the perpetrators of Operation Pacific Rim, in order to protect the privacy and safety of everyone, everywhere.
#PacificRim #OperationPacificRim #malware #china #hacking #hacks #infosec #firewalls #intrusiondetection
-
As privacy advocates and cybersecurity pros, we know that maintaining control over our digital footprint is a constant battle. In 2024, the threat landscape continues to evolve, requiring more advanced, proactive approaches to defend both our privacy and security.
Here are key strategies for staying ahead of the curve:
1. Update Vigilance
Staying on top of OS and software updates is still one of the most effective ways to avoid exploits. Remember that vulnerabilities like BlueBorne and WPA2's KRACK have been successfully exploited but mitigated by timely patches. For those who prioritize control, manual updates are still the way to go. Review each changelog to assess any privacy concerns (i.e., telemetry changes).
2. Minimalism as a Strategy
The fewer programs you use, the smaller your attack surface. When it comes to privacy and security, minimalism isn't just a lifestyle—it's a tactic. Evaluate the software you install: does every app or service truly align with your goals? Stripping back unnecessary software reduces risks.
3. Linux: A Secure, Customizable Option
Consider adopting Linux for its robust control over security and privacy. Debian-based systems are known for stability, and with proper configuration, they provide a minimalistic and privacy-focused environment. Don't just stop at installation: configure your firewall, DNS, and daily operational scripts to reduce leaks and improve defense.
4. Virtual Machines (VMs) for Containment
VMs, especially when combined with open-source virtualization software, offer excellent containment strategies. Whether you're doing OSINT, sandboxing risky software, or simply adding layers of defense between your host machine and the web, a well-configured virtual environment can drastically reduce exposure. This method is especially effective for isolating specific tasks, preventing cross-contamination between applications or services.
5. Advanced Browser and DNS Configuration
Use privacy-focused browsers like Firefox with hardened settings and explore the use of container tabs to isolate browsing sessions. For additional protection, employ DNS-over-HTTPS (DoH) or DNS-over-TLS to encrypt your DNS requests, mitigating man-in-the-middle attacks. Consider decentralized DNS services as a next step.
6. Firewall and VPN Integration
Layering firewalls with VPNs is essential. But go further: implement firewall rules that ensure your system doesn't make any network requests unless the VPN is active. This can protect you in case of VPN failure, ensuring that your data never travels over insecure networks.
7. Use of Public and Private Keys for Authentication
Where possible, replace traditional passwords with public-key cryptography for authentication. This drastically reduces the threat of brute-force attacks and compromises on services requiring authentication.
8. Steganography & Disinformation
Beyond encryption, consider steganography for hiding critical data in plain sight. As an added layer of security, practice disinformation tactics: provide plausible but fake information that misleads adversaries, ensuring they pursue dead ends.
9. Breach Monitoring and Response
With the rise in data breaches and logs from stealer malware, proactive monitoring of breach data can help defend against credential stuffing and identity theft. Regularly check breached data sites and consider using tools to alert you if any of your data appears in a public leak.
10. Self-Hosting for True Control
Take your privacy into your own hands by moving toward self-hosted solutions where possible. Whether it’s email, file storage, or other critical services, self-hosting allows you to maintain full control over your data and avoid the vulnerabilities that come with cloud providers.
Stay safe, stay secure, and continue advancing your privacy and security strategy for 2024. The adversaries aren’t getting any slower; neither should we.
#Cybersecurity #Privacy #Infosec #AdvancedSecurity #Linux #VMs #OSINT #VPN #Firewalls #Minimalism #ThreatModeling #Disinformation #PublicKey #Steganography
-
Review of the Zyxel USG Flex 200H hardware firewall
A hardware firewall is usually integrated into a network when protecting end users in software becomes too expensive and inefficient. Instead of configuring security software separately on every workstation, it is simpler to dedicate a separate box to the security role and manage it from a single point. This protects the network from external and internal threats, whether an attacker or a careless user. In this article we cover the USG Flex 200H model, designed to secure the networks of small companies. As is tradition, we'll undo all the screws and see what the device looks like inside. Pour yourself some coffee and get comfortable.
https://habr.com/ru/companies/zyxel/articles/819277/
#zyxel #flex #firewall #firewalls #uos #marvell #marvell_armada
-
Just did a quick feasibility test connecting to a remote desktop from a browser running in the network of my employer ... working perfectly fine with my old DSL-50 connection 🥳
I think #firewalls these days are a bit silly, whatever they don't allow must be forced to work via #http (or better #https) instead 😂 -- and #guacamole is really a nice solution to do this for remote desktops. But as it's acting as a #gateway also handling #authentication, I finally feel comfortable making a connection with #xrdp accessible, which still doesn't support #NLA. When you see the "login screen" in guacamole, you are already authenticated ... so this feature lack is downgraded from a severe security concern to a mild annoyance (having to type your password again).
-
I have some networking questions but am totally out of my depth on this as I don't even know the terms to look for.
I have an ISP provided fiber box that acts as a router and WIFI endpoint and a separate #opnsense machine I'd like to continue using as my #router/#firewall/#DHCP server. It was previously configured for a cable modem so I'd plug the modem into the port I'd designated as WAN and everything would route properly.
I would like a similar setup: the ISP box handles the fiber (and maybe the WiFi if it can be done, but I do have a separate wifi AP) and the opnsense box handles everything else. I can disable DHCP on the ISP box no problem and enable it on my opnsense box and plug it into the WAN port, but then I'm totally unsure of what I'm even trying to do, routing/iptables/LAN wise in order to route traffic appropriately to the LAN portion of the network.
I suspect I absolutely cannot use the WIFI on the ISP box, which, again, is fine; it'd be nice but I imagine that would introduce a level of complexity no one is here for (clients would be connecting to what is currently designated as the WAN? I'd probably need some VLAN stuff maybe if it's even doable?)
Anyone have any idea what the appropriate terms are to even search for?
#opnsense #routing #homeNetworking #homeNetwork #LAN #WAN #fiberInternet #internet #networking #firewall #firewalls #pfsense #iptables #wifi
-
The country needs new #Firewalls.
The #OPNsense Community Edition can already be installed inexpensively on your own hardware, e.g. on our favorite platform #APU2, which we have in use by the dozen.
If the requirements are even higher, the #OPNSense certified hardware from #deciso helps; together with the Business Edition it can be used without hesitation in business-critical areas.
-