#Tag
Watchguard Firebox: Gefährdung durch Standardpasswort für Admin
Watchguard versieht die Firebox-Firewalls mit Standardpasswörtern. Angreifer können sich dadurch leicht Admin-Rechte verschaffen.
#Firewall #IT #Passwörter #Security #Sicherheitslücken #Updates #news
Watchguard Firebox: Gefährdung durch Standardpasswort für Admin
Watchguard versieht die Firebox-Firewalls mit Standardpasswörtern. Angreifer können sich dadurch leicht Admin-Rechte verschaffen.
#Firewall #IT #Passwörter #Security #Sicherheitslücken #Updates #news
Warum OpenWrt nutzen?
In c’t sehe ich recht häufig Berichte über OpenWrt. Was mir aber bislang keiner der Artikel erklärt hat: Was ist das Tolle an dieser Router-Firmware?
Warum OpenWrt nutzen?
In c’t sehe ich recht häufig Berichte über OpenWrt. Was mir aber bislang keiner der Artikel erklärt hat: Was ist das Tolle an dieser Router-Firmware?
Hot take: pf's built-in connection tracking beats fail2ban/sshguard hands down.
One simple ruleset gives you automatic brute-force protection with ZERO userland daemons. No log parsing, no reaction delays, no additional attack surface.
table <bruteforce> persist
pass in proto tcp to port 22 flags S/SA (max-src-conn 5, max-src-conn-rate 3/30, overload <bruteforce> flush global)
Kernel-level enforcement, instant blocking, survives reboots with persist.
Why spawn Python processes when your firewall already knows?
Hot take: pf's built-in connection tracking beats fail2ban/sshguard hands down.
One simple ruleset gives you automatic brute-force protection with ZERO userland daemons. No log parsing, no reaction delays, no additional attack surface.
table <bruteforce> persist
pass in proto tcp to port 22 flags S/SA (max-src-conn 5, max-src-conn-rate 3/30, overload <bruteforce> flush global)
Kernel-level enforcement, instant blocking, survives reboots with persist.
Why spawn Python processes when your firewall already knows?
looking for some nftables help
3 networks on firewall ( isp, ofc, svc ( Nextcloud, HomeAsst, etc ) )
I want to ssh and web from ofc to svc, I would prefer to route rather than nat ( show source system rather than firewall )
net.ipv4.ip_forward = 1
Should this be sufficient for the routing?
table inet filter {
chain forward {
ip saddr $ofc_net oifname $svc_nic accept
iifname $srv_nic ip daddr $ofc_net ct state related,established accept
}
}
looking for some nftables help
3 networks on firewall ( isp, ofc, svc ( Nextcloud, HomeAsst, etc ) )
I want to ssh and web from ofc to svc, I would prefer to route rather than nat ( show source system rather than firewall )
net.ipv4.ip_forward = 1
Should this be sufficient for the routing?
table inet filter {
chain forward {
ip saddr $ofc_net oifname $svc_nic accept
iifname $srv_nic ip daddr $ofc_net ct state related,established accept
}
}
Tomorrow 2025-09-25 at 10:30 CEST, the refreshed "Network Management with the OpenBSD Packet Filter Toolset" https://events.eurobsdcon.org/2025/talk/FW39CX/ by yours truly, @stucchimax and Tom Smyth will start at #eurobsdcon.
We will put the updated slides online just before the session starts.
#openbsd #freebsd #pf #packetfilter #networking #firewall #trickery #security
Tomorrow 2025-09-25 at 10:30 CEST, the refreshed "Network Management with the OpenBSD Packet Filter Toolset" https://events.eurobsdcon.org/2025/talk/FW39CX/ by yours truly, @stucchimax and Tom Smyth will start at #eurobsdcon.
We will put the updated slides online just before the session starts.
#openbsd #freebsd #pf #packetfilter #networking #firewall #trickery #security
Does anyone know of a public set of ModSecurity exceptions for the fediverse/ActivityPub I can take a look at? I'm setting it up for GoToSocial and Mastodon now and manually doing this is pain.
Update, @cloudymax and I started a plugin here:
https://github.com/small-hack/argocd-apps/blob/2b7995c6fae5ecbb3944c6c6f4b139d98b76e67f/ingress-nginx/modsecurity_plugins_configmap.yaml#L177
Still happy to collaborate on it, but also wanted to note there was a mention a year ago about making an ActivityPub plugin over at the OWASP CRS repo, so maybe we could donate to that if its ever created:
https://github.com/coreruleset/coreruleset/issues/3497#issuecomment-1902181156
#WAF #modsecurity #nginx #apache #firewall #webApplicationFirewall #mastodon #gotosocial #activitypub
Does anyone know of a public set of ModSecurity exceptions for the fediverse/ActivityPub I can take a look at? I'm setting it up for GoToSocial and Mastodon now and manually doing this is pain.
Update, @cloudymax and I started a plugin here:
https://github.com/small-hack/argocd-apps/blob/2b7995c6fae5ecbb3944c6c6f4b139d98b76e67f/ingress-nginx/modsecurity_plugins_configmap.yaml#L177
Still happy to collaborate on it, but also wanted to note there was a mention a year ago about making an ActivityPub plugin over at the OWASP CRS repo, so maybe we could donate to that if its ever created:
https://github.com/coreruleset/coreruleset/issues/3497#issuecomment-1902181156
#WAF #modsecurity #nginx #apache #firewall #webApplicationFirewall #mastodon #gotosocial #activitypub
Burning it in for 12 hours now. It consumes 17W at idle running #OpenBSD 7.7 without apmd and ramps to 35W during KARL. Firmware was updated to the latest supported for the model and VT-x extensions have been turned off, this is just a firewall.
Thermals are good with the case back together. In 20 degrees ambient, they are reporting:
hw.sensors.cpu0.temp0=39.00 degC
hw.sensors.acpitz0.temp0=27.80 degC (zone temperature)
hw.sensors.nvme0.temp0=40.00 degC, OK
I did clean the heat sink and CPU, then applied new thermal paste. Time to build some ansible playbooks for management and then apply them, ready for production. #firewall#IPv6
Burning it in for 12 hours now. It consumes 17W at idle running #OpenBSD 7.7 without apmd and ramps to 35W during KARL. Firmware was updated to the latest supported for the model and VT-x extensions have been turned off, this is just a firewall.
Thermals are good with the case back together. In 20 degrees ambient, they are reporting:
hw.sensors.cpu0.temp0=39.00 degC
hw.sensors.acpitz0.temp0=27.80 degC (zone temperature)
hw.sensors.nvme0.temp0=40.00 degC, OK
I did clean the heat sink and CPU, then applied new thermal paste. Time to build some ansible playbooks for management and then apply them, ready for production. #firewall#IPv6
A space for Bonfire maintainers and contributors to communicate
