On the weekend, I switched on a #foomuuri #nftables firewall.

I have been using #shorewall for so long that it is in my fingers.

Foomuuri is likeable and capable. I am finding my way around her peculiarities. Definitely stepping forward into it rather than falling back on my comfortable habits.

#debian

Apache optimization and mitigating DoS and DDoS attacks

Denial-of-service (DoS) and Distributed Denial-of-service (DDoS) attacks are some of the most common cyberattacks these days. They are fairly easy to execute and the consequences can vary from annoying to very problematic, for example if a crucial web service of a company or public service becomes inaccessible. In the current geopolitical situation DDoS attacks are a very popular method used by […]

https://blog.frehi.be/2025/01/12/apache-optimization-and-mitigating-dos-and-ddos-attacks/

#Apache #DDoS #DoS #firewall #foomuuri #modQos #performance #security

Apache optimization and mitigating DoS and DDoS attacks

Configuration guide explaining how to set up Foomuuri firewall and how to tune Apache and configure mod_qos to mitigate DDoS attacks.

Frederik Himpe

#FOSS #Linux #Firewall #Security #NetSec

Just finished migrating from #Shorewall (iptables) firewall configurator to #foomuuri (nftables) in my personal #Debian Sid laptop.

Took about four-five hours or so.

Ruleset is now shorter and actually easier to read. I have a paranoid setup where even outgoing AND localhost traffic is filtered...

Feels refreshing after upgrade 👍. And it's simply just a great piece of #OpenSource software engineering:

https://github.com/FoobarOy/foomuuri

GitHub - FoobarOy/foomuuri: Multizone bidirectional nftables firewall

Multizone bidirectional nftables firewall. Contribute to FoobarOy/foomuuri development by creating an account on GitHub.

GitHub

I guess I will slowly have to part ways with Shorewall on my servers. As a host firewall, Shorewall has always been unbeatable for me, but since it is unfortunately no longer being developed and I would like to switch to nftables, an adequate replacement is needed. UFW is a bit too limited and cumbersome for me, and I don't like Firewalld.

By chance I came across a relatively new project called "foomuuri" that, at least from reading about it, sounds quite interesting.

https://github.com/FoobarOy/foomuuri

Has any of you already gained experience with foomuuri?

#linux #firewall #firewalls #foomuuri

Protecting your server from known bad IPs with Foomuuri iplists

On the Internet we can find (usually crowdsourced) lists of malicious IP addresses responsible for attacks. We can easily integrate them in Foomuuri in order to block connections from these bad hosts. Not only does this improve security, it is also a performance win, because our daemons don’t have to waste any more time dealing with these malicious connections.

The […]

https://blog.frehi.be/2024/11/30/protecting-your-server-from-known-bad-ips-with-foomuuri-iplists/

#Debian #firewall #foomuuri #Linux #security

Protecting your server from known bad IPs with Foomuuri iplists

On the Internet we can find (usually crowdsourced) lists of malicious IP addresses responsible for attacks. We can easily integrate them in Foomuuri in order to block connections from these bad hosts.

Frederik Himpe

Alright made a quick blog post about my ansible-managed router solution that works on vanilla Debian and Armbian.

https://blog.lane-fu.com/posts/2024/10/a-debian-linux-router-and-firewall-with-2-weird-names/

#armbian #foomuuri #firewall #router #clammy-ng #rockchip

A Debian Linux Router and Firewall with 2 weird names

I built an ansible-managed router and firewall solution called clammy-ng using only modern Linux tooling… and it’s pretty good! Did I mention it works on ARM? Craving a new router solution: I was a Ubiquiti EdgeRouter fan for years. The series provided amazing capability for the price, and the OS being based on a fork of Vyatta made it all that much more appealing. However, in recent years my opinion began to sour as it’s become evident that priority on this product line is going away.

lanefu blog

Wireguard VPN with systemd-networkd and Foomuuri | Frederik Himpe

How to configure a dual stack IPv4 and IPv6 Wireguard VPN gateway with systemd-networkd and the Foomuuri NFTables firewall on Debian GNU/Linux.

Frederik Himpe

Setting up Foomuuri, an nftables based firewall

Up to now I have always been using the Shorewall firewall on all my Linux systems. I find it very easy to configure while at the same time it’s very powerful and flexible so that you can also use it with more complicated set-ups, such as routers with multiple network interfaces, VPN’s and bridges. Unfortunately Shorewall is still based on the old xtables (iptables, ip6tables, ebtables, […]

https://blog.frehi.be/2023/10/29/setting-up-foomuuri-an-nftables-based-firewall/

#Debian #firewall #foomuuri #Linux #nftables #security

Setting up Foomuuri, an nftables based firewall | Frederik Himpe

Tutorial explaining how to configure the Foomuuri firewall on Debian GNU/Linux to filter incoming and outgoing connections

Frederik Himpe

Wanted to share a recent project of mine from past few weeks to turn my #nanopi r5s #sbc into a really potent pure debian Linux router that was sane to manage.

I was able to successfully switch over this weekend and retire my edgerouter-6p.

The formula is basically #ansible #systemd stuff #netplan #dnsmasq #frrouting and #foomuuri -- the lynchpin solution for sanely doing robust zone-to-zone firewalls using #nftables

Repo linked below has more details:

https://github.com/lanefu/clammy-ng

GitHub - lanefu/clammy-ng: The next generation ansible-managed linux router framework using all the trendy new things

The next generation ansible-managed linux router framework using all the trendy new things - lanefu/clammy-ng

GitHub

wanted to share super quick and dirty zone firewall demo using #foomuuri on my #nanopi r5s

foomuuri is very sane.. I have all my configs generated with ansible.

https://asciinema.org/a/oicZHCzBCD3uJET7eZ4Pwrr30

untitled

Recorded by lane

asciinema.org