Lmst

Hey Fedi, was ist denn Deine Meinung zu #Netgate Firewalls? Ich würde gerne mein Heimnetz etwas besser unter Kontrolle bringen und unnötige Trackingkommunikation von "smarten" Geräten unterbinden und am liebsten auch die ganzen anderen Privacy-feindlichen Vorgänge, denen man täglich so ausgesetzt ist, schon auf Netzwerkebene blockieren. Taugen die Geräte von Netgate was oder ist das überteuert? Wie geht Ihr mit dieser Sache um? Ist-Zustand ist sehr basic: Bislang habe ich nur eine Fritzbox, AVM-Mesh-APs und ein paar unmanaged Switches für die Ethernetkabel.

#followerpower #firewall #privacy #fragfedi #boost

#Netgate #pfSense CE 2.8.0 is here! I knew it was on the way, but wouldn’t have placed any bets on it beating 25.03 out the gate. https://www.netgate.com/blog/netgate-releases-pfsense-community-edition-version-2.8.0

Something strange with my #Unifi gear...

Recently replaced my UDM Pro with a CloudKey Gen2 Plus (because I don't need the gateway function as my #Netgate #pfSense is taking care of this).

According to the screenshot, my WiFi APs are offline as well as the Protect cameras.
But: both are working.

Maybe that's because of the "management" VLAN 31 instead of default VLAN 1?

Screenshot of Unifi Device Overview page, showing APs and Protect cameras as offline

Just realized that my #pfSense #Netgate 6100 has 4x 2.5 GbE ports. At least my #Unifi switch reports 2.5 GbE now... before connecting to the switch those ports were connected to the UDM Pro, which only has 1 GbE...

Ok so you're telling me i have to run beta code on my production appliance to get a *security fix*??? Fuck all the way off with that. #pfsense #netgate

#BSI WID-SEC-2025-1091: [NEU] [mittel] #Netgate #pfSense: Mehrere Schwachstellen ermöglichen Cross-Site Scripting

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstelle in Netgate pfSense ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1091

#BSI WID-SEC-2025-1083: [NEU] [hoch] #Netgate #pfSense: Mehrere Schwachstellen

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Netgate pfSense ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen oder beliebigen Programmcode auszuführen.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1083

#update zu meiner #netgate: sie geht und ist still. In den ausgeflexten Bereich habe ich nun einen beQuiet Lüfter verbaut, bei all den VPN Verbindungen läuft das sogar 8 Grad kühler. Operation erfolgreich, Patient lebt.

#netgate #pfsense #firewall #homelab

Ich mache ja viele komische Sachen. Manchmal auch fragwürdige Sachen. Aber mit der Flex an die Firewall stand nicht auf meiner 2025 Bingokarte 🙃

Endlich Ruhe vor diesem scheußlichen Lüfter! Schauen wir mal ob sie noch geht oder #netgate 😂

#netgate8200 #firewall #actionmitderflex #homelab #pfSensePlus #pfsense

Bodenblech einer Netgate 8200. Lüftungsgitter weggeflext

I‘m reworking my #homelab rack setup. First two pics are before (from last year), the other two pics are the result of todays work. Alas, some cables need to be exchanged, though…

Lately I replaced the # Unifi Standard 24 PoE switch with Pro HD 24 PoE with Etherlighting. And the #Netgate 6100 #pfsense has replaced the UDM Pro as gateway and Firewall…

EDIT:
the A1000 and the Indy were removed from the rack. The UPS and the server moved some RUs higher. The purpose of the upper patch panel is to be able to use the short cables from above/below. In the back the connection goes hidden from the Pfsense to the UDM Pro ports.

Only annoyance: Why is are the port of the Unifi patch panel not labeled?! Hmpf...

Just waiting on a patch panel and some more #Ethernet cables and then my homelab can be restarted!

#homelab #minirack #techtoot #netgate #poe #raspberrypi

A picture of an 8U mini rack. One view is taken up with a Netgate firewall. A space is left to install a keystone patch panel. When you is taken up by one 5 port switch. 2U is taken up by a panel that can accommodate up to 8 Raspberry Pis, only two are currently installed. Blanking panels make up the next 2U of space, with 1U missing due to not having enough screws. A red cable can be seen coming out of the firewall and into the switch this is temporary until the Keystone panel is installed. Two more ethernet cables can be seen coming out of the switch into the raspberry pis

A rear view of the mini rack, the same equipment from the rear can be seen as installed on the front (refer to other image) at the bottom a rack mounted extension lead is installed with two plugs out of three attached. To the right hand side of the plug is a red switch can be seen, it is currently turned off

Noticed the eMMC storage in the office router was at 90% wear level. Promptly replaced it with a new SSD.

Preventative maintenance 👍

#netgate #pfsense

A Netgate 6100 router running pfSense with a rack mount accessoire sitting on a desk.

A Netgate 6100 router main board with a new SSD on the table.

The console output of the Netgate 6100 which is showing the new SSD has been detected.

The bare Netgate 6100 with the installed SSD running the newly installed pfSense software successfully.

#pfsense service toot:

Using #ACME certificates on your #freeradius for wifi authentication and things stop working after 60 days when the cert renews?

in the acme configuration add the follwing php-command to the actions list:

require_once('/usr/local/pkg/freeradius.inc'); freeradius_eapconf_resync(true);

(Long time lingering bug in pfsense, #netgate is not willing to fix)

@christopherkunz @wiert @nadaka @cisacyber no #Ubiquiti, #AVM, #Netgate and #Decisio?

Kinda disappointing...

#FriendlyReminder for people using #pfBlockerNG on #pfSense / #OPNsense or any other #FreeBSD-based #Firewall|ing-#distro:

Clean up ´´´/var/log/pfblockerng´´´ regularly, or else it'll fill up with disrespectful quickness depending on your setup.

Ask me how I know!

#Sysadmin #ITsec #Maintenance #DigitalJanitor #BSD #InfoSec #Networking #Netgate #Decisio #Router #Filtering #pf #logging #logs #log #syslog

"before" screenshot showing the output of df -h with /var being 100% full

"before" screenshot showing the contents of /var/log/pfblockerng being responsible with logfiles measuring 480+ MB

"After" Screenshot showing /var is now at merely 7% capacity

my #netgate 4100 died catastrophically and without notification. No console when attempting to rebuild. Luckily, had a #mikrotik #hEXS laying around waiting for me to play with it. Up and running with it as a home border router in a few minutes, and with reasonable looking config and firewall rules in about 30 minutes. not bad. Still getting almost 900Mbps throughput too.

Was wünscht ihr euch von einem Review zur #netgate 8200? Gibt es etwas bestimmtes was euch interessiert oder was getestet werden soll?

I'm coming into the #pfsense vs #opnsense debate way late, and I'm too ignorant to take a side right now. I did get a #netgate box on a recommendation, that's currently sitting in my desk only hooked up to a serial console.

But otherwise, no skin in the game currently.

#BSI WID-SEC-2024-3545: [NEU] [hoch] #Netgate #pfSense: Mehrere Schwachstellen

Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Netgate pfSense ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen seine Rechte zu erweitern oder Informationen offenzulegen.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3545

Zwischenfazit #netgate 8200: abartige VPN Performance dank QAT! Proxmox VM Migration von daheim in die Firma geht ohne Einbrüche der Datenrate oder sonstige Aussetzer. Bisher bin ich schwer begeistert.

Ausführlicher Testbericht folgt natürlich.

#netgate

Client Info