Andrey [0xdc, 0x09];20h ago

Hey fedi 
Does anyone know a good opensource firewall for a Linux server with an admin panel in web or tui?

I want to see recent tcp & udp connections, preferrably some info about their contents (e.g. compute JA4 fingerprint for TLS, extract domain from DNS request) and be able to immediately block by source/dest IP subnet, ASN, geoip, maybe even by JA4.

I guess i can just google it but i want to hear your recommendations. Firewall is a high-privileged software that have to be trusted anyway.

Thank you 

#askfedi #linux #selfhosted #infosec #firewall

Show threadhexaheximal20h ago
@darkcat09 https://openwrt.org ;)
[OpenWrt Wiki] Welcome to the OpenWrt Project

Show threadAndrey [0xdc, 0x09];
@hexaheximal
I thought of installing OPNsense on a separate server — afaik that's the best solution. But my infrastructure consists of a couple of cloud VPS, i'm not selfhosting at home (sadly), so another server would cost some (not a little) money, plus i'd need to rework the infra a bit.
Apr 5 at 8:32pmWeb
Show threadhexaheximal19h ago
@darkcat09 you can install openwrt in a vm, and in fact it is really good about memory usage too
Show threadAndrey [0xdc, 0x09];19h ago
@hexaheximal
Like.. run QEMU and forward eth0 into it?
Show threadhexaheximal19h ago
@darkcat09 yep