Does VyOS count?
Comment on Let's talk about free/FOSS routing platforms for the homelab
nbailey@lemmy.ca 7 months ago
IPtables on Debian because I like my life to be boring and unchanging.
Bakkoda@sh.itjust.works 7 months ago
Comment on Let's talk about free/FOSS routing platforms for the homelab
nbailey@lemmy.ca 7 months ago
IPtables on Debian because I like my life to be boring and unchanging.
Does VyOS count?
MigratingtoLemmy@lemmy.world 7 months ago
Is that your firewall? I admit it’s a great idea but do you use something else for routing?
nbailey@lemmy.ca 7 months ago
Yep. Firewall, routing, dhcp, dns, everything you’d expect from a gateway device. Plain Debian (or really any distro) can do it all. With a 1gbps bi-directional connection fully saturated it will run at about 10% cpu on my very crappy low power Celeron CPU.
Plus, there’s no web UI full of janky and insecure CGI scripts to exploit, and software updates are forever (well, until x64 is deprecated, so basically forever).
MigratingtoLemmy@lemmy.world 7 months ago
You have really piqued my interest. I have always thought about running my DIY Router + Firewall + switch but had never really spoken to anyone who had done it before (guides on the internet notwithstanding).
However, if I do something like this, it will likely be on OpenBSD. Now, I haven’t delved deep enough into the BSDs to know if it’s better than Debian since all distributions can be made as secure as we want. However, OpenBSD just has a better image in my mind in terms of security and some of their choices in the OS are to my liking.
nbailey@lemmy.ca 7 months ago
This was my setup from about four years ago. Other than moving suricata elsewhere, it’s largely the same. Worth a shot if it’s something you’re into!
nbailey.ca/post/linux-firewall-ids/
OpenBSD is also great, I’m just more familiar with the Linux tools. All the required tools are in the base image, and they have a great official guide:
www.openbsd.org/faq/pf/example1.html