Has anyone ever built their own router? I was thinking: DSL modem (ALLnet) -> Raspberry Pi with RMN520N HAT.
#router #diyrouter #openwrt #linux #archlinux #shorewall #modem #RaspberryPi
On the weekend, I switched on a #foomuuri #nftables firewall.
I have been using #shorewall for so long that it is in my fingers.
Foomuuri is likeable and capable. I am finding my way around her peculiarities. Definitely stepping forward into it rather than falling back on my comfortable habits.
@JulianOliver I guess it's the same as with physics: classic mechanics works fine until you need more detail and use quantum instead.
For deep level but still with a patina of abstraction I suggest #ShoreWall. A shame the config language won't ever evolve from text based tables, but definitely better than writing ip/nftables rules by hand, and IIRC¹ it has a try mode that rolls back in case you get kicked out.
¹ I think I used it once, but it's been a looong while since I last touched my FW.
#FOSS #Linux #Firewall #Security #NetSec
Just finished migrating from #Shorewall (iptables) firewall configurator to #foomuuri (nftables) in my personal #Debian Sid laptop.
Took about four-five hours or so.
Ruleset is now shorter and actually easier to read. I have a paranoid setup where even outgoing AND localhost traffic is filtered...
Feels refreshing after upgrade 👍 . And it's simply just a great piece of #OpenSource software engineering:
Migrated my :calculate: servers from #shorewall to #nftables. How much simpler and more logical everything has become!
@0xDEADBEEF thanks for mentioning #Shorewall 👍 After taking a close look it seems that it won't provide added value compared to using #nftables directly, at least for my needs. Also I didn't see any new commits (https://gitlab.com/shorewall/code/-/commits/master) for more than a year on the project, so I'm not sure if it is either super stable or no longer actively maintained?
* #shorewall, the trusty #linux #firewall you can simply describe in a few config files, has a `try` command to set up the firewall for a while and tear it down again after a timeout. Very good for configuring the firewall remotely; combine with ssh and #screen. I still lick my scars for the night I did the cowboy thing, tried to set up a firewall by hand, and the first thing I did was to `DROP` all packets. I lost a good job opportunity because of that. #NeverAgain
If you've followed our recent posts, you already know that we gave Shorewall a try to tidy up our VPN firewall rules and gain full overview about our configuration. Our migration to Shorewall has been successful and we'd like to share some insights in our configuration:
"Keeping the Wireguard VPN firewall clear with Shorewall" - https://blog.zero-iee.com/en/posts/vpn-firewall-shorewall/
Shorewall by Tom Eastep is just perfect for small to mid size firewall deployments that are mostly static and not too complex. One of our developers uses OpnSense and PfSense for more complex scenarios in his private projects.
Which firewall / configuration tool do you use and why?
#shorewall #firewall #wireguard #vpn #teamzero #zeroiee #blog #techblog #linux #debian
We're currently evaluating Shorewall [1] as a Firewall / iptables configuration tool.
Configuring iptables manually [2] works, but can get messy and thus is error prone. For our VPN server with its many customer VPNs, we are looking for a clearer solution that can be easily configured via configuration files. One of our developers has already used Shorewall and is impressed by the software. It was therefore a natural decision to take a look at it.
Initial experiments have gone well!
[1]: https://shorewall.org/
[2]: https://blog.zero-iee.com/posts/multi-tenant-wireguard-vpn-server/
Yesterday I tried out firewalld on a test server. I liked the zone model that netfilter brings along. The syntax is relatively quick and easy to learn. However, I have to admit that I am a fan of Shorewall, so it was a small but informative detour.
What do you use to configure the firewall on your servers?
#server #linux #admin #firewall #firewalld #shorewall #iptables #netfilter #ufw #administration #redhat #debian #arch #suse #itsicheheit
@greppy I prefer keeping the pi-hole off the perimeter if I can help it, personally.
I've done the #Debian thing before (and moved to #Shorewall from iptables at some point). These days, I'm using a #Synology RT2600ac as mine, having upgraded from an #openwrt flashed router.
What #firewall frontend do you use on your #linux distro?
Please boost, for more range 📶
#iptables #nftables #ipset #firewalld #shorewall #ufw #gnulinux #network #networksecurity #distro
@ignorantcowboy #Shorewall, it's simpler.
Setting up Wireguard VPN with IPv6
#Debian #firewall #IPv6 #Linux #security #Shorewall #vpn #Wireguard
https://blog.frehi.be/2022/06/11/setting-up-wireguard-vpn-with-ipv6/
Debian's Shorewall (iptables-based firewall configurator) maintainer requests help maintaining the package.
#foss #debian #networking #security #firewall #iptables #shorewall