people #selfhosting at home: how do you protect your LAN? do you trust your router's firewall features?
@tootroll I have a Netgate pfSense firewall, and a bunch of VLANs. Keep the hosting separate from the LAN.
@tootroll separate VLANs and firewall rules to control traffic between them. I use MikroTik hardware as its performance/dollar ratio is awesome. Yes, it's proprietary closed source software, but the company is focused on just this thing so they tend to do a good job. Plus they aren't a listed company, so no pressure to hit quarterly targets (unlike, say, Netgate, who own pfSense).

@tootroll NEVER trust the router

I use Cloudflare Tunnels to open ports securely. I could set up something better, but at least Cloudflare doesn't sell your data or use ads.

@jesse @tootroll WHY NOT SETUP WIREGUARD PROXY WITH CHEAP ASS WIREGUARD SERVER??? RATIOOOO????
@jesse @tootroll literally what I have running: haproxy going into a WireGuard tunnel back to my local PC, where nginx is then taking port 443 and going other places
@jesse @tootroll works kinda similar to Cloudflare Tunnels
@jesse @tootroll except without Cloudflare
@jesse @tootroll yes I did all of this just to avoid using a Cloudflare-owned thing