What Firewall should I set up for my Dad's Fiber to the Property?

  • Published: 3 Oct 2024
  • #FreeBSD #OpenSource #Unix #garyhtech #2023 reasons to use freebsd
    There are a lot of firewall/router choices out there, which one will I pick for a Fiber to the Property install for my Dad?
    Hint: www.pfsense.org/
    Don't forget to check out my Discord server where you can talk open source operating systems and software
    / discord
    FOSS
    FreeBSD Handbook
    FreeBSD Networking
    FreeBSD PKG
    FreeBSD ports tree
  • Science

Comments • 10

  • @fdg394 7 months ago +7

    I would highly encourage you to NOT forward all those ports directly to your LAN... much better if you would segment your LAN into multiple VLANs (specifically to create something like WAN, DMZ, LAN etc), put your servers into the DMZ and port forward from WAN to DMZ. The security model would be something like 0-50-100 (where 0 is 'zero' security and 100 is maximum security) which would be your WAN-DMZ-LAN; firewall rules should reflect that only interfaces with the highest security number can go towards the lower security one (while, of course, nothing from a lower security interface can traverse towards the higher security one apart from the traffic related to the port forward from WAN to DMZ). Having a port forward from WAN to LAN completely defeats the firewall function...
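
The 0-50-100 model from the comment above, written as a small rule audit. This is an added example, not the commenter's or pfSense's code: the `Rule` fields, zone names and sample rules are constructed for illustration, and traffic inside one zone is assumed not to cross the firewall.

```python
from dataclasses import dataclass

# Security levels from the comment's 0-50-100 model (higher = more trusted).
LEVELS = {"WAN": 0, "DMZ": 50, "LAN": 100}

@dataclass(frozen=True)
class Rule:                      # hypothetical record of one "allow" rule
    name: str
    src: str                     # zone where the connection is initiated
    dst: str                     # zone where the connection terminates
    port_forward: bool = False   # True if the rule belongs to a NAT port forward

def audit(rule: Rule) -> str:
    """Return 'ok' or a finding for one allow rule under the zone model."""
    if rule.src not in LEVELS or rule.dst not in LEVELS:
        return "unknown zone"
    src, dst = LEVELS[rule.src], LEVELS[rule.dst]
    if src >= dst:
        return "ok"              # higher -> lower (or same zone) is permitted
    # Lower -> higher: the only accepted exception is a WAN -> DMZ port forward.
    if rule.port_forward and (rule.src, rule.dst) == ("WAN", "DMZ"):
        return "ok"
    if rule.port_forward and rule.dst == "LAN":
        return "port forward into LAN: host the service in the DMZ instead"
    return f"{rule.src} -> {rule.dst} climbs from level {src} to {dst}"

def audit_all(rules):
    """Map rule name -> finding for every rule that violates the model."""
    findings = {}
    for rule in rules:
        result = audit(rule)
        if result != "ok":
            findings[rule.name] = result
    return findings

# Constructed sample rule set (not taken from the video).
SAMPLE_RULES = [
    Rule("lan-out", "LAN", "WAN"),
    Rule("lan-admin-dmz", "LAN", "DMZ"),
    Rule("dmz-updates", "DMZ", "WAN"),
    Rule("https-forward", "WAN", "DMZ", port_forward=True),
    Rule("nas-forward", "WAN", "LAN", port_forward=True),
    Rule("dmz-to-lan-db", "DMZ", "LAN"),
]

if __name__ == "__main__":
    for name, finding in audit_all(SAMPLE_RULES).items():
        print(f"{name}: {finding}")
```

Return traffic for an allowed connection is handled by the stateful filter, so only the direction in which a connection is initiated is audited.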

  • @antonio.taverna 7 months ago

    pfSense, OPNsense, MikroTik. All valid for the indicated purposes. Maybe MikroTik has a higher curve of apprenticeship

  • @Felix-ve9hs 7 months ago

    -12:45-- You give me the creeps here, why would you completely open up your LAN network to the Internet? 💀-
    This Rule actually doesn't do anything, my bad

    • @martinvandenbroek2532 7 months ago

      Because he makes sure that all his applications and services are up to date with the relevant security patches etc. He probably also makes sure that transmission of sensitive information is encrypted end-to-end. Keep in mind that a packet filter, a.k.a. firewall, doesn't add that much security. True added value with regards to security is done on OSI layers 5 and up.

    • @Felix-ve9hs 7 months ago

      @martinvandenbroek2532 If a packet filter (the "pf" in "pfSense" literally stands for "packet filter") isn't adding security, then why is he even bothering with using pfSense and not just bridging his LAN to the internet?

    • @georgec2932 7 months ago

      Not sure what he is doing here and he didn't explain why he added that rule. I don't think the rule makes any sense as it's on the WAN interface but the source is down as LAN subnets. He's not opened up his WAN interface to the whole internet as only IPs from his local subnet can connect to it, but I don't think the rule adds any value (how/why would an internal IP be connecting via the WAN interface)? Assume he's got confused as the rule should be on the LAN interface to allow IPv6 clients to communicate out of the LAN to the WAN, but it's already there by default in pfSense on the LAN interface and you can see it slightly further on in the video...

  • @adnr1an 7 months ago

    Your videos are excellent! Congratulations for them! Hey, how to install Emacs the newest version? I am new to FreeBSD and I loved it, it is solid and has what I need, I liked it more than many Linux that I have tried, but I struggle to install software, a video will be good for many of us who switched from Linux to FreeBSD, install Emacs but the old version. Thank you