Recent content by Riko
-
Is it possible to get some kind of hardware firewall which only allows outbound connections on a whitelist?
In pfSense you can create a alias with a list of hosts/IPs that you can use in firewall rule(s). -
Raspberry Pi | SFTP | restrict user privileges
I know this is a old thread but maybe it helps somebody. I use ProFTPD with users in a database. They can not logon to the system only to ProFTPD. I don't use the FTP(S) function in ProFTPD only the SFTP module. In /etc/proftpd/virtuals.conf you can set what users are allowed to do... -
Pfsense wins awards
@ddaenen1 In "System activity" you do not have the options you have in TOP on the command line. In TOP, with capital P, you can toggle the view of separate CPU's in the head. -
Pfsense wins awards
What might be helpful is running the top program in a terminal shell of your pfSense system. In top you could do shift+h For more options enter h (for help) in top. -
Do i need an IoT VLAN
My pfSense system has 4x 2.5gbps ports. 1 for WAN and 2 ports for the 2 nic LAG to the switch. 1 have only one unused port left. I like to learn networking best practices and to prevent, mitigate vulnerabilities that comes with the territory. "Not flying is always safer then flying."... -
Do i need an IoT VLAN
Vlan hopping and mitigation: https://en.wikipedia.org/wiki/VLAN_hopping -
Do i need an IoT VLAN
@coxhaus I don't use layer 3 on my switch. I would like to play with it but i need a separate L3 switch for that. I don't want to have my network down for to long. I have a lot of firewall rules set. If i would have to convert all that in ACL's i don't know if i could get the same result... -
Do i need an IoT VLAN
I added several links about port isolation. Port isolation is a common thing in switches and even in wifi networks your can set client isolation. I have a Ubiquiti EdgeSwitch 24 POE 250 watts. And 2x Unfi Flex switches. My dynamic vlans doesn't work based on mac address but username/password... -
Do i need an IoT VLAN
I don't use mesh. My wifi devices roam between my accesspoints that are mounted on different places in my house. The IOT Wifi SSID i use sometimes for specific Tuya smart switches with regular wpa2-psk works very well. It ends in my IOT vlan just like the other IOT devices. I don't see the... -
Do i need an IoT VLAN
Why a separate radio? You can configure a separate IOT WPA2-PSK SSID that is transmitted by all your accesspoints alongside with your normal users SSID. -
Do i need an IoT VLAN
I have 4 vlans for wifi devices. I have wpa2-enterprise with dynamic vlans. 4 vlans with different firewall security configurations. In the radius database i have 4 user groups with 4 different vlans set. I can add or remove users from a specific group / vlan. All groups can logon on a single... -
Do i need an IoT VLAN
Besides the firewall rules i mentioned earlier i set al the switch ports i use for IOT devices to isolated. https://documentation.meraki.com/MS/Port_and_VLAN_Configuration/Restricting_Traffic_with_Isolated_Switch_Ports... -
Do i need an IoT VLAN
I regularly check the websites of the Smarthome devices i have for updates. For example Philips hue: https://www.philips-hue.com/en-us/support/release-notes -
Do i need an IoT VLAN
I use a IOT vlan for all my smarthome stuff. They can not go to the Internet. If something needs to update i give it temporary access to internet for updating only. I am on my LAN or WLAN vlan i can connect to the smarthome devices. But not the way around smarthome devices can not reach anything. -
Pfsense wins awards
Here in the Netherlands the fiber connections often use pppoe. How is your experience with pfSense and your connection?