What do you run; Opnsense, pfsense, Smoothwall, maybe a WAF like wazuh?

Today was update/audit firewall day. I’m running a standalone instance of pFsense on a Protectli Vault FW4B - 4 Port - Intel Quad Core - 8GB RAM - 120GB mSATA SSD with unbound, pfBlockerNG, Suricata, ntopng, and heavily filtered. I did bump the swap to 8 GB as I’ve previously noticed a few ‘out of swap’ errors under load.

Before I signed off, I ran it through a couple porn sites to see if my adblocking strategy was working. Not one intrusive ad. Sweet!

Show me what you got.

  • ki9@lemmy.gf4.pwEnglish
    5·
    11 hours ago

    I think I have the same protectli as you and it is awesome. Need it for my 2.5gb uplink. I use openwrt on it… Didn’t really like opnsense. I am more used to linux than bsd.

    I host lots of services and get bombarded by scrapers, scanners, and skids both at home and on my VPSs.

    I use ipset for the usual blocklists which I download regularly. I also have tarpits on 22/tcp (endlessh). I pipe the IPs from the endlessh logs into fail2ban which feeds the ipsets. I have ipset blocks and fail2ban on my home firewall and all VPSs and coordinate over mqtt. So any fail2ban trigger > mqtt > every ipset block. Touch my 22/tcp anywhere and you get banned instantly everywhere. The program I use for this is called vallumd and it runs on openwrt.

    I also put maltrail everywhere but I’m not totally sure how to interpret and respond to the results. Probably will implement a pipe from maltrail to my mqtt > blocklist setup.

    I don’t do any network-level adblocking… Might be a future project.

    • irmadlad@lemmy.worldOPEnglish
      1·
      10 hours ago

      I think I have the same protectli as you and it is awesome

      Yes it is. It was a little more than I wanted to spend, and I’m sure I could have gone with a cheaper configuration, but I figured I’d get something with a little ass to it as to not create a bottleneck right at the firewall.

      I host lots of services and get bombarded by scrapers, scanners, and skids both at home and on my VPSs. Touch my 22/tcp anywhere and you get banned instantly everywhere.

      I too host most of the services I use on a couple of VPS I run. It has always amazed me as to the thickness of the bot layer on the internet. Clearnet experiences something like 2+ zetabytes per 24 hours. Around 50% of that is bot traffic, and they are very sophisticated bots as well. Open port 22 and here they come by the thousands like a feeding frenzy. I went as far as blocking everything with hosts.allow (do first) & hosts.deny (do last). I’ve set f2b on aggressive mode with only one shot. LOL UFW rocks in the background along with Crowdsec. I probably go overboard with security. LOL