What do you run: OPNsense, pfSense, Smoothwall, maybe a WAF like Wazuh?

Today was update/audit firewall day. I’m running a standalone instance of pfSense on a Protectli Vault FW4B - 4 Port - Intel Quad Core - 8GB RAM - 120GB mSATA SSD with unbound, pfBlockerNG, Suricata, ntopng, and heavily filtered. I did bump the swap to 8 GB as I’ve previously noticed a few ‘out of swap’ errors under load.

Before I signed off, I ran it through a couple porn sites to see if my adblocking strategy was working. Not one intrusive ad. Sweet!

Show me what you got.

  • PlutoniumAcid@lemmy.world
    3 days ago

    Same. What’s the deal with having elaborate firewall stuff for a normal family home anyway?

    If the built in stuff isn’t good enough then 99.9% of households would be compromised a long time ago already.

    • irmadlad@lemmy.worldOP
      3 days ago

      The last stats I remember reading cited some 1.5 million home networks are compromised on a daily basis. Some people, such as myself, run more complex services on their local servers that are perhaps tied into remotes such as VPS. You’ll see a lot of selfhosters with rather elaborate firewall defenses set up. I self host a lot of services I use that the ‘normal family home’ would outsource to public entities. I have a rack in the closet and several VPS, so I need something more than just Windows Firewall, or similar, that I can dial in to my unique environment.

      Also, because I can.

      • PlutoniumAcid@lemmy.world
        2 days ago

        Valid! I also tinker with selfhosting using Docker containers, didn’t think of firewalls the same way. Thank you.

          • PlutoniumAcid@lemmy.world
            1 day ago

            Nothing spectacular.

            Git, Paperless, UniFi Controller, Pihole, Mattermost chat, Immich, Home Assistant, Frigate, Syncthing, Hoarder. Just stuff for myself, my home, and my friends. And 🏴‍☠️

            And you?

            • irmadlad@lemmy.worldOP
              1 day ago

              The usual. Might be a few I’ve missed:

              • Homarr
              • Code-server
              • Netdata
              • Searxng
              • Change-detection
              • Readeck
              • Checkcle
              • Duckdns
              • Obsidian
              • Dozzle
              • Loki-promtail-1
              • Loki-loki-1
              • Root-influxdb2-1
              • Cadvisor-redis
              • Dbeaver
              • Pairdrop
              • Speedtest-tracker
              • Btop-plus-plus
              • Portainer
              • Grocy
              • Loki-grafana-1
              • Cup
              • Web-check
              • Omni-tools
              • Cadvisor-prometheus
              • Watchtower-fork
              • Barcode-buddy
              • Ittools
              • Nessus
              • Dockerbot
              • Fusion
              • Bytestash
              • Uptime-kuma
              • Karakeep-web
              • Karakeep-chrome
              • Karakeep-meili
              • Cadvisor
              • Gitlab
              • RocketChat
              • Anonaddy
              • Etherpad
              • Archivebox
              • FreshRSS
              • FileStash
              • piHole
              • LAMP Stack
              • UnRaid
              • Proxmox
    • thermal_shock@lemmy.world
      3 days ago

      Some of it is for fun and testing, learning. Which I used to do. I used to have an old watchdog that I put pfSense on, just don’t need it nowadays.

      Once I learn how it works and have run through the setup, I move on. Just need to spend my time in other areas, but now I have an understanding of it and can apply that logic or idea to other things and troubleshooting.

      • PlutoniumAcid@lemmy.world
        2 days ago

        This is perfectly valid! I do a lot of tinkering with selfhosting using Docker containers, and I have learned a ton from that. I feel a bit silly that I didn’t make the connection with firewalls - just tinkering for fun!