Hey fedi 
Does anyone know a good opensource firewall for a Linux server with an admin panel in web or tui?

I want to see recent TCP & UDP connections, preferably with some info about their contents (e.g. compute the JA4 fingerprint for TLS, extract the domain from a DNS request), and be able to immediately block by source/dest IP subnet, ASN, GeoIP, maybe even by JA4.

I guess I can just google it, but I want to hear your recommendations. A firewall is high-privileged software that has to be trusted anyway.

Thank you 

#askfedi #linux #selfhosted #infosec #firewall

@hexaheximal
I thought of installing OPNsense on a separate server — afaik that's the best solution. But my infrastructure consists of a couple of cloud VPSes, I'm not selfhosting at home (sadly), so another server would cost some (not a little) money, plus I'd need to rework the infra a bit.
@darkcat09 You can install OpenWrt in a VM, and in fact it is really good about memory usage too.

@darkcat09 Did you mean like a Firewall application for Linux? If so, you might like this one:

https://github.com/evilsocket/opensnitch

GitHub - evilsocket/opensnitch: OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
@scottwilson
Updated the post, I should've mentioned it's a server, not a desktop.
@darkcat09 Sorry!
@scottwilson
It's ok.
Noted the suggestion anyway, might be useful later.

@darkcat09 I have always relied on a proxy server for outbound security.

Very interested to know how outbound firewall functionality is going these days.

For inbound firewall stuff I would use OPNsense with Crowdsec and an IDS to get at least some reactive capability.

@darkcat09 the best I know is cockpit + firewalld + nftables but that does not fit your logging requirements afaik.

Overall that sounds like you need a firewall with deep packet inspection, the basic Linux tools won't do for that.

Well, for just tracing stuff like that, in theory one could use Wireshark, but that may not be practical depending on the volume of requests.
@darkcat09 OpenWrt?
@k
Probably; was suggested in this thread too
hexaheximal (@[email protected]): @[email protected] https://openwrt.org ;)
Welcome To IPFire! - More Than A Firewall (IPFire.org): The Open Source Linux-based Firewall Operating System with a Comprehensive Feature Set
@plaimbock
Found it too, but if I get it right, it's a separate system like OpenWrt or OPNsense, so I'd have to add one more server to my infra or run it in QEMU.