Help #pfsense #opnsense #network colleagues! My imagination is failing me.

I have two locations, each with its own special snowflake pfsense and WAN, also joined by a (meagre but reliable) link. These are the things I cannot change.

I have dreamed for years of allowing the locations to fail over between one another seamlessly: if one WAN goes down, limp-along traffic passes over the minimal link and out the other WAN.

I recently changed the mechanism by which the firewall blocks malicious IPs, which had been more or less wearing me down every day. Now, every 1h, the system loads a list of IPs blocked by fail2ban that is published by the main server. The change required me to remove the previous cumulative blocks, which came to some 1500 - 1800 IPs, and to let fail2ban now add them to the list on its own (independent of those pfSense already blocks, which it downloads from known blocklists and which are about as many again). We are 2 days into this system and on average the server is blocking about 100 IPs per day, linearly, until it stabilizes, I reckon, when we reach around 1000 IPs, because I suppose some of the 1500 that were blocked before were no longer malicious. All the IPs that fail2ban blocked used to be blocked by the exposed server; now they are also blocked for the whole Undernet network. We'll see how it goes...

Edit: I added blocking of all the AI bots/scrapers Googlebot, SummalyBot, GPTBot, Amazonbot, ClaudeBot and things increased dramatically...

We continue broadcasting from the bunker...

#seguridad #undernet #pfsense #fail2ban

@jhx using both #pfSense as well as #OPNsense
Multiple things to play around with actually :)
Stuff like new VPN with ZTNA like Netbird or Tailscale. Caddy or HAproxy as Reverse Proxies. VPN shenanigans, DNS & IP blocking, central LetsEncrypt point for internal stuff etc. etc. :) There are so many possibilities!

pfSense Plus 26.03 kind of sort of maybe appears to be out. It's showing in the RC branch (without "RC" or extra numbers after the version) but not in stable. After installing the version shows "26.03-RELEASE". #pfSense #pfSensePlus https://docs.netgate.com/pfsense/en/latest/releases/26-03.html

Electric Sheep Fencing released #pfSense Community Edition version 2.8.1. https://www.pfsense.org/download/

If you're using OPNsense, you should know there's a high quality blocklist made in the EU called https://qfeeds.com/ that you can use.

Check this video out, it's really easy to set up: https://www.youtube.com/watch?v=RYEizNBE9Y0

#opnsense #pfsense #security #malware #selfhosted

Strange #Netbird / #Pfsense problem:

From the home network to the Proxmox cluster behind the Pfsense, with Netbird, via SSH to 3 containers with IPs ending in .121, .122 and .123.

.121 and .123 are reachable via SSH. .122, however, is blocked by the default policy on the wt0 interface of the Pfsense in the datacenter.

In Netbird, everything is allowed for the /24, for simplicity's sake.

No idea how Netbird/Pfsense gets the idea of wanting to block the target host...?

@VeroniqueB99
One might run OpenBSD / FreeBSD / NetBSD and free himself. Or maybe use pfsense as a commercial product you can trust.

#openbsd #freeb #netbsd #pfsense

Big news! 🚨 The US router ban has some serious implications for home networks. Turns out, building your own firewall like I do with pfSense isn't just a hobby anymore – it's becoming essential. Learn why and how in my new short! 💻 #pfSense #Home #Cybersecurity

https://www.youtube.com/watch?v=wjdJuo2QULI