https://www.freebsd.org/security/advisories/FreeBSD-SA-25:12.rtsold.asc
Remote code execution via IPv6 ND6 Router Advertisements
FreeBSD and maybe(?) OpnSense/pfSense might be affected for a RCE via a Layer2 ethernet packet
#PfSense
For anyone using #pfsense, I wrote this little converter [1] that takes the xml and generates a #Markdown file for each interface and its firewall rules. It also generates an alias.md file that has flags of whether that alias is dead/ unused or not.
At $DAYJOB, we have to audit our firewall rules on a recurring basis, and this is a good way for us to update our docs quicker.
UCG Fiber đã sẵn có, nên từ bỏ PfSense? Người dùng UniFi đang đánh giá như thế nào? Bạn có mong muốn thêm tính năng nào? #PfSense #UniFi #Mạng #Networking #Firewall
https://www.reddit.com/r/selfhosted/comments/1pnemag/is_it_time_to_finally_get_rid_of_pfsense/
Precisando de ajuda, caso alguém tenha alguma idéia de como resolver este problema:
#pfsense #pfSenseCE #pfSensePlus #freebsd #cybersecurity #linux #redes #networking #network
Nova versão para o pfSense Plus 25.11.
Lembre-se sempre de realizar um backup completo do seu pfSense e em casos de HA, realize primeiro no DR.
#firewall #firewalldaily #pfsense #pfSensePlus #update #freebsd #cybersecurity
Para os usuários de pfSense Plus fiquem atentos antes de atualizarem para última versão. Há usuários relatando problemas com o uso de VLANs.
Para mais detalhes: https://redmine.pfsense.org/projects/pfsense-plus/activity
#firewall #firewalldaily #redes #cybersecurity #pfsense #pfSensePlus #pfSenseCE #freebsd
#pfsense 25.11 ✅
So i need some input.
I think to replace my unify gear for european / open source one.
And i heavily hesitate between an opensource router with opnsense (from eu).
Or a mikrotik router.
Can any #network or #mikrotik #opensense #pfsense user give me any input.
Also does the one you own provide update / system update to EU server (even as mirror).
i need multiple wifi AP that share the same network
Thanks
#question #fedihelp #network #internet #eu #buyeu @buyeuropean@feddit.uk @buyeuropean@mastodon.social @mikrotik
Nedbrud #pfsense . Pga. en strømafbrydelse brød emmc storage disk sammen i min netgate 4200 🤬🥺😦😩
Måtte finde en passende nvme m2 SSD at sætte i. Heldigvis havde den et ledigt slot til det. 🤪
Efter en del arbejde, og opsætning i pfsense(jeg valgte at starte forfra, da jeg samtidig havde installeret nyeste opdatering med ny kea-dhcp server, og kunne rydde ud i fw-rules mm), kører bussen nu igen 🤓🤩
Blev dog en smule pissed over at noget skulle gå i stykker så 'let' pga. en strømafbrydelse. 😠🤬
I have multiple interfaces configured on #pfsense so it shouldn't be difficult to route one through the VPN whilst leaving the other one based in the UK. The interfaces connect to different access points so can join one or the other depending on what location I want to use 2/2
I have multiple interfaces configured on #pfsense so it shouldn't be difficult to route one through the VPN whilst leaving the other one based in the UK. The interfaces connect to different access points so can join one or the other depending on what location I want to use
With all the nonsense around the Online Safety Act and now the British government toying with the idea of introducing age verrification to donwload a #VPN, I'm finally looking to implement a router level VPN for the family. 1/2
Start your engines! pfSense Plus 25.11 is out.
#pfSense #pfSensePlus #Netgate
https://www.netgate.com/blog/netgate-releases-pfsense-plus-software-version-25.11
Does anyone know how to setup #NAT46 on #pfSense within a #LAN?
The Problem is that I want to provide #IPv6-connectivity on #WAN without having to deal with IPv6 in #LAN.
- Right now I'm ponderig using
fc:: /7on #LAN with #DHCPv6 but the problem is that #Vodafone's shitbox connection is flaky af and the only #Fallback that I currently have is their shitty #LTE which is #IPv4only woth #CGNAT in #RFC1918 (10.0.0.0 /8) and no IPv6 connectivity, thus everytime shit flip-flops connectivity is completely gone on IPv6 and only #IPv4 is on that backup link.
So since I don't have a Provider-Independent IP space and my #ISP is so fucking incompetent that I hereby beg @BNetzA to finally seize their network and nationalize/socialize it I am basically stuck on IPv4 connectivity.
The only workarounds I know would necessitate using a #HurricaneElectric #GIF-Tunnel for IPv6 on fallback, which won't work because OFC Vodafone doesn't offer me a static IPv4 or even stazic IPv6-Subnet on their mobile network and I got #DualStack on #WAN on the primary network.
The problem re: routing exists for all #MultiWAN setups and I won't pay for #Vipritnet or setup my own #ASN and blow money on a @ripencc membership just to get PI Address Space and having to setup my own Gateway to VPN into through all my WAN & #WWAN connections.
Also the false premise of many sites to prefer IPv6 over IPv4 causes everything to break apart at the slightest disruption.
- IPv6 really annoys me because unlike IPv4, it just doesn't work and everytime I have to deal with it it's a pain in the ass...
Motiviert durch die Telekom, die ungefragt Daten über meine Geräte im LAN erfasst und auf deren Kundenportal für mich "aufbereitet", möchte ich gerne meinen Speedport als DSL-Modem nutzen und dahinter meine eigene Firewall, DNS-Infrastruktur, Wifi, DHCP betreiben.
Als Firewall schwebt mit eine Netgate Appliance mit PFSense CE vor.
Zwei 1 Gbit/s Ports reichen. Ich würde den "LAN" Port ohnehin als Trunk mit tagged VLANs konfigurieren (DMZ und LAN-VLAN)
Ich würde darüber auch gerne Wireguard als VPN einsetzen (was über ein separates Paket möglich ist).
Hat jemand Erfahrungen mit PFSense auf Netgate Appliances?
Just built a new #firewall using #opnsense as its previous incarnation that uses #pfsense was getting a little long in tooth.
My setup is generally fairly simple - one "regular" LAN with IPv4 & IPv6, plus two VLANs that are IPv4 only, mostly so I can keep cr*p like IOT devices off my main network. It does have a quirk inasmuch as i have a secondary WAN connection via a fixed wireless setup, and of course I left setting that up as an exercise for later.
It was the first time I experimented with #opnsense and the basic setup was pretty easy. I did have the configuration pages for my pfsense setup open to make sure I set up the VLANs the same way, and all in all it was easy.
Cần nâng cấp router để có tốc độ tốt hơn và riêng tư hơn với VPN! Router hiện tại không hỗ trợ firmware tùy chỉnh và làm chậm VPN đáng kể. Đang phân vân giữa tự build router, dùng PC cũ, hoặc mua router cài sẵn Opnsense/Pfsense. Muốn tất cả thiết bị đều qua VPN mà vẫn nhanh. Bạn có lời khuyên gì không?
#Router #VPN #DIY #SelfHosted #Opnsense #Pfsense #Network #Mạng #BảoMật #RiêngTư
https://www.reddit.com/r/selfhosted/comments/1pekp38/advice_on_diy_or_preflashed_router/
Как я построил полностью изолированную пентест-лабораторию и почему ИИ нельзя доверять
Как я построил полностью изолированную пентест-лабораторию и почему ИИ нельзя доверять Уже месяц я изучаю создание пентест-инструментов (назовем это так, чтобы с модерацией проблем не было :-)) по книге "Black Hat Go", и до недавних пор я тестировал малварь на своём хосте, ибо в них нет ничего опасного, это простейшие утилиты по типу TCP-сканера. Значит, нужно построить свою виртуальную и изолированную лабу. В них должно быть минимум 3 машины: Windows 11 в роли жертвы, Ubuntu server lts в роли C2 сервака, и, конечно, классический Metasploitable2 опять же в роли жертвы. Читать, как я мучился последние 3 дня
https://habr.com/ru/articles/973434/
#изолированная_пентестлаборатория #malware_analysis #pfsense #виртуальная_сеть #виртуализация_KVM #libvirt #сетевой_изолятор #сетевые_правила_firewall #изоляция_трафика #информационная_безопасность
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst