I restarted #foomuuri, it kept logging that it was banning addresses - on and on and on, one or two per second. All of them in the ssh jail. I've not really set it up well, just out-of-the box settings. I don't run a homneypot, nor a bank. It's just me, some photos and the bullshit I do for work.
I wonder how many devices are out there trying standard passwords all day, every day?
People; get a hobby, go outside. Anything that is as neutrally harmless as you can manage. Anything.
Frinstance, today I looked at some wrens and a pair of eagles, and picked up some rubbish and put it in the bin. No-one was harmed.

Trying ssh credentials? #yeahnah.

On the weekend, I switched on a #foomuuri #nftables firewall.

I have been using #shorewall for so long that it is in my fingers.

Foomuuri is likeable and capable. I am finding my way around her peculiarities. Definitely stepping forward into it rather than falling back on my comfortable habits.

#debian

Apache optimization and mitigating DoS and DDoS attacks

Denial-of-service (DoS) and Distributed Denial-of-service (DDoS) attacks are some of the most common cyberattacks these days. They are fairly easy to execute and the consequences can vary from annoying to very problematic, for example if a crucial web service of a company or public service becomes inaccessible. In the current geopolitical situation DDoS attacks are a very popular method used by […]

https://blog.frehi.be/2025/01/12/apache-optimization-and-mitigating-dos-and-ddos-attacks/

#Apache #DDoS #DoS #firewall #foomuuri #modQos #performance #security

#FOSS #Linux #Firewall #Security #NetSec

Just finished migrating from #Shorewall (iptables) firewall configurator to #foomuuri (nftables) in my personal #Debian Sid laptop.

Took about four-five hours or so.

Ruleset is now shorter and actually easier to read. I have paranoid setup where even outgoing AND localhost traffic is filtered...

Feels refreshing after upgrade 👍 . And it's simply just great peace of #OpenSource software engineering:

https://github.com/FoobarOy/foomuuri

Protecting your server from known bad IPs with Foomuuri iplists

On the Internet we can find (usually crowdsourced) lists of malicious IP addresses responsible for attacks. We can easily integrate them in Foomuuri in order to block connections from these bad hosts. Not only does this improve security, it is also a performance win, because our daemons don’t don’t have to waste any more time dealing with these malicious connections.

The […]

https://blog.frehi.be/2024/11/30/protecting-your-server-from-known-bad-ips-with-foomuuri-iplists/

#Debian #firewall #foomuuri #Linux #security

Alright made a quick blog post about my ansible-managed router solution that works on vanilla Debian and Armbian.

https://blog.lane-fu.com/posts/2024/10/a-debian-linux-router-and-firewall-with-2-weird-names/

#armbian #foomuuri #firewall #router #clammy-ng #rockchip

Wireguard VPN with systemd-networkd and Foomuri

#Debian #firewall #foomuuri #IPv6 #security #systemd #vpn #Wireguard

https://blog.frehi.be/2023/11/01/wireguard-vpn-with-systemd-networkd-and-foomuri/

Setting up Foomuuri, an nftables based firewall

Up to now I have always been using the Shorewall firewall on all my Linux systems. I find it very easy to configure while at the same time it’s very powerful and flexible so that you can also use it with more complicated set-ups, such as routers with multiple network interfaces, VPN’s and bridges. Unfortunately Shorewall is still based on the old xtables (iptables, ip6tables, ebtables, […]

https://blog.frehi.be/2023/10/29/setting-up-foomuuri-an-nftables-based-firewall/

#Debian #firewall #foomuuri #Linux #nftables #security

Wanted to share a recent project of mine from past few weeks to turn my #nanopi r5s #sbc into a really potent pure debian Linux router that was sane to manage.

I was able to successfully switch over this weekend and retire my edgerouter-6p.

The formula is basically #ansible #systemd stuff #netplan #dnsmasq #frrouting and #foomuuri -- the lynchpin solution for sanely doing robust zone-to-zone firewalls using #nftables

Repo linked below has more details:

https://github.com/lanefu/clammy-ng