Let's try some #hashtag #wordsalad

Finishing internal #wiki notes on connecting across #Tailscale to boot a remote #Dell server via #iDRAC from a #proxmox ISO image (on my #NetBSD laptop in a #Firefox window). Wipe, install, then install #pfSense and flip the Proxmox to be secured behind pfSense, and add a #Ruckus SmartZone controller and some other VMs.

All without physical access to the machine. Takes me way back to remote #Sun #Sparc installs via a #RS232 #Spiderport :-p

Well, it looks like the scraping attacks are easing off, or at least the firewall blocking is succeeding and letting the server breathe more or less. As the latest news, yesterday I finished migrating the block lists from Aliases and manual rules to automatic dynamic lists, and I added a few more that were missing. The dynamic lists run at a low level in the firewall and take advantage of the pf packet filter engine that makes pfSense famous. That turned out great, and the tests I ran show the firewall doesn't even break a sweat filtering some 50k IPs. On the Nginx proxy I also left CrowdSec running alongside Fail2ban, and now both feed the malicious IPs they detect to pfSense, which blocks them for the whole network. CrowdSec was a suggestion from @j3j5 and then from @ElenaMusk, and it was worth it, because I only knew it by name and had never tried it; many thanks for the support and the help. I thought it was similar to Fail2ban, but it is clearly much more modern and catches IPs that Fail2ban doesn't, precisely because of the behavioural analysis. I think we're in pretty good shape now, with pfBlocker-NG, Suricata and DNSBL running on pfSense, and Fail2ban and CrowdSec running on the proxy, which in turn feeds back into pfSense. #pfsense #crowdsec #dnsbl #suricata #seguridad #undernet #mastodon

I am not a network dummy. While I'm not a network engineer, I've had to deal with networking my entire career (that includes writing code, as well as the more common configuration and management).

It took me 3 whole days to get #WireGuard working on my #pfSense box. Because I missed that it had defaulted to "dynamic endpoint"... which is great if it was the server, but I was trying to set up a VPN *client*, to connect to work.

OY WITH THE POODLES!

Is there a way to auto-migrate config from #pfsense to #opnsense? Looks like pfsense will take a very long time until the #zabbix 7.4 proxy is available, and maybe this is an occasion to check out opnsense.
Too bad, the #zabbix #proxy #package on #pfsense is v7.0.6 and raises an "outdated" alarm.

I found a Mini-ITX with some AMD A series APU on it. Dual core / 8GB DDR3. I'm going to make a #router out of it because we no longer trust closed-source hardware, right?

Looking at #OPNSense and #pfSense

I really like my #wireguard setup.
I'm moving more and more services behind it and don't expose them anymore.

In addition I've set up #pihole again and am moving as much as possible from my #pfsense firewall to my #nixos server.

It just feels better to have things set up declaratively instead of relying on backups.

I've decided to take the leap and update my #NetGate #pfSense box to 26.03-RELEASE. Here's hoping it's stable and doesn't do all the random lockups I was seeing that kept me on 24.0x

Today the server blocked my IP while I was in Rocha. The firewall has become very sharp, and I'm gradually tuning the rules and filters, which are a bit excessive. If anyone has experienced blocks and wants to tell me about it, I'd appreciate it. #undernet #seguridad #firewall #pfsense

#Blocked 151 /24 nets and one /8 net from Hong Kong to protect my public #DNS servers from being flooded with requests for non-existent domains.

Blocked the nets so as not to overfill my #pfSense #firewall rules with a six-digit number of IP addresses.

I made a small shell script that filters their IPs out of #tcpdump output, sorts and uniques them, then uploads the list to my server, which distributes the lists to pfSense as URL Aliases.

Peace again on all DNS servers.
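The post above describes the pipeline in outline only. The script below is an added example, not the poster's script: it reads `tcpdump -n` text output, keeps only DNS queries (destination port 53), extracts and deduplicates the source addresses, and then rolls them up into /24 networks in the one-CIDR-per-line format a pfSense URL alias consumes, so the alias holds a few hundred nets instead of a six-digit number of hosts. The capture lines, the TEST-NET addresses in them and the "at least N distinct hosts per /24" threshold are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): turn tcpdump -n text into a
# pfSense URL alias list of /24 networks that are flooding a DNS server.
# The sample capture lines below are constructed; the threshold is an
# assumption, tune it to the size of the flood you are seeing.

# Print the unique source IPv4 addresses of every DNS query seen on stdin.
# tcpdump -n prints queries as:
#   <time> IP <src>.<sport> > <dst>.53: <id>+ <type>? <name>. (<len>)
# so field 3 is the source, and a destination ending in ".53:" marks a
# query (responses have source port 53 and do not match).
query_sources() {
    awk '
        /^[0-9:.]+ IP / && $5 ~ /\.53:$/ {
            src = $3
            sub(/\.[0-9]+$/, "", src)   # drop the source port
            print src
        }' | sort -u
}

# Roll the unique sources up into /24 networks and print, one CIDR per line
# (pfSense URL alias format), every /24 with at least $1 distinct hosts
# (default 3). Single hosts that do not reach the threshold are left out;
# they can still be handled by a separate per-host list.
noisy_nets() {
    min_hosts=${1:-3}
    query_sources | awk -F. -v min="$min_hosts" '
        { net = $1 "." $2 "." $3 ".0/24"; hosts[net]++ }
        END { for (n in hosts) if (hosts[n] >= min) print n }' | sort
}

# Constructed sample: three hosts from one /24 plus one stray, and a
# response line that must be ignored.
SAMPLE='12:00:01.000001 IP 203.0.113.10.40001 > 192.0.2.53.53: 1001+ A? a1.example. (28)
12:00:01.000002 IP 203.0.113.11.40002 > 192.0.2.53.53: 1002+ A? a2.example. (28)
12:00:01.000003 IP 203.0.113.12.40003 > 192.0.2.53.53: 1003+ A? a3.example. (28)
12:00:01.000004 IP 203.0.113.10.40004 > 192.0.2.53.53: 1004+ AAAA? a4.example. (28)
12:00:01.000005 IP 198.51.100.7.40005 > 192.0.2.53.53: 1005+ A? www.example. (30)
12:00:01.000006 IP 192.0.2.53.53 > 203.0.113.10.40001: 1001 NXDomain 0/1/0 (103)'

# Demo run: prints 203.0.113.0/24 only; 198.51.100.0/24 has one host.
printf '%s\n' "$SAMPLE" | noisy_nets 3
```

In production the input would come from something like `tcpdump -n -i <if> udp dst port 53` and the output would be written to a file under the web root the pfSense URL alias fetches; both the interface and the path depend on your setup and are not taken from the post.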