Discussion
Loading...

#Tag

  • About
  • Code of conduct
  • Privacy
  • Users
  • Instances
  • About Bonfire
heise online boosted
heise Security
@heisec@social.heise.de  ·  activity timestamp 6 days ago

Sicherheitsupdate: Unberechtigte Zugriffe auf Zyxel-Firewalls möglich

Angreifer können bestimmte Firewalls von Zyxel attackieren. Angriffe sind aber nicht ohne Weiteres möglich.

https://www.heise.de/news/Sicherheitsupdate-Unberechtigte-Zugriffe-auf-Zyxel-Firewalls-moeglich-10794033.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Firewall #IT #Patchday #Security #Sicherheitslücken #Updates #news

https://social.heise.de/tags/Sicherheitsl%C3%BCcken
Security

Sicherheitsupdate: Unberechtigte Zugriffe auf Zyxel-Firewalls möglich

Angreifer können bestimmte Firewalls von Zyxel attackieren. Angriffe sind aber nicht ohne Weiteres möglich.
  • Copy link
  • Flag this post
  • Block
heise Security
@heisec@social.heise.de  ·  activity timestamp 6 days ago

Sicherheitsupdate: Unberechtigte Zugriffe auf Zyxel-Firewalls möglich

Angreifer können bestimmte Firewalls von Zyxel attackieren. Angriffe sind aber nicht ohne Weiteres möglich.

https://www.heise.de/news/Sicherheitsupdate-Unberechtigte-Zugriffe-auf-Zyxel-Firewalls-moeglich-10794033.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Firewall #IT #Patchday #Security #Sicherheitslücken #Updates #news

https://social.heise.de/tags/Sicherheitsl%C3%BCcken
Security

Sicherheitsupdate: Unberechtigte Zugriffe auf Zyxel-Firewalls möglich

Angreifer können bestimmte Firewalls von Zyxel attackieren. Angriffe sind aber nicht ohne Weiteres möglich.
  • Copy link
  • Flag this post
  • Block
Stefano Marinelli boosted
Peter N. M. Hansteen
@pitrh@mastodon.social  ·  activity timestamp last month

Tomorrow 2025-09-25 at 10:30 CEST, the refreshed "Network Management with the OpenBSD Packet Filter Toolset" https://events.eurobsdcon.org/2025/talk/FW39CX/ by yours truly, @stucchimax and Tom Smyth will start at #eurobsdcon.

We will put the updated slides online just before the session starts.

#openbsd #freebsd #pf #packetfilter #networking #firewall #trickery #security

Network Management with the OpenBSD Packet Filter Toolset (T5) EuroBSDCon 2025

The OpenBSD Packet Filter (PF) is at the core of the network management toolset available to professionals working with the OpenBSD and FreeBSD operating systems. Understanding the PF subsystem and the set of networking tools that interact with it is essential to building and maintaining a functional environment. The present session will both teach networking and security principles and provide opportunity for hands-on operation of the extensive network tools available on OpenBSD and FreeBSD in a lab environment. Basic to intermediate understanding of TCP/IP networking is expected and required for this session. Topics covered include The basics of and network design and taking it a bit further Building rulesets Keeping your configurations readable and maintainable Seeing what your traffic is really about with your friend tcpdump(8) Filtering, diversion, redirection, Network Address Translation Handling services that require proxying (ftp-proxy and others) Address tables and daemons that interact with your setup through them The whys and hows of network segmentation, DMZs and other separation techniques Tackling noisy attacks and other pattern recognition and learning tricks Annoying spammers with spamd Basics of and not-so basic traffic shaping Monitoring your traffic Resilience, High Availability with CARP and pfsync Troubleshooting: Discovering and correcting errors and faults (tcpdump is your friend) Your network and its interactions with the Internet at large Common mistakes in internetworking and peering Keeping the old IPv4 world in touch with the new of IPv6 The tutorial is lab centered and fast paced. Time allowing and to the extent necessary, we will cover recent developments in the networking tools and variations between the implementations in the OpenBSD and FreeBSD operating systems. Participants should bring a laptop for the hands on labs part and for note taking. The format of the session will be compact lectures interspersed with hands-on lab excercises based directly on the theory covered in the lecture parts. This session is an evolutionary successor to previous sessions. Slides for the most recent version of the PF tutorial session are up at https://nxdomain.no/~peter/pf_fullday.pdf, to be updated with the present version when the session opens.
  • Copy link
  • Flag this post
  • Block
Peter N. M. Hansteen
@pitrh@mastodon.social  ·  activity timestamp last month

Tomorrow 2025-09-25 at 10:30 CEST, the refreshed "Network Management with the OpenBSD Packet Filter Toolset" https://events.eurobsdcon.org/2025/talk/FW39CX/ by yours truly, @stucchimax and Tom Smyth will start at #eurobsdcon.

We will put the updated slides online just before the session starts.

#openbsd #freebsd #pf #packetfilter #networking #firewall #trickery #security

Network Management with the OpenBSD Packet Filter Toolset (T5) EuroBSDCon 2025

The OpenBSD Packet Filter (PF) is at the core of the network management toolset available to professionals working with the OpenBSD and FreeBSD operating systems. Understanding the PF subsystem and the set of networking tools that interact with it is essential to building and maintaining a functional environment. The present session will both teach networking and security principles and provide opportunity for hands-on operation of the extensive network tools available on OpenBSD and FreeBSD in a lab environment. Basic to intermediate understanding of TCP/IP networking is expected and required for this session. Topics covered include The basics of and network design and taking it a bit further Building rulesets Keeping your configurations readable and maintainable Seeing what your traffic is really about with your friend tcpdump(8) Filtering, diversion, redirection, Network Address Translation Handling services that require proxying (ftp-proxy and others) Address tables and daemons that interact with your setup through them The whys and hows of network segmentation, DMZs and other separation techniques Tackling noisy attacks and other pattern recognition and learning tricks Annoying spammers with spamd Basics of and not-so basic traffic shaping Monitoring your traffic Resilience, High Availability with CARP and pfsync Troubleshooting: Discovering and correcting errors and faults (tcpdump is your friend) Your network and its interactions with the Internet at large Common mistakes in internetworking and peering Keeping the old IPv4 world in touch with the new of IPv6 The tutorial is lab centered and fast paced. Time allowing and to the extent necessary, we will cover recent developments in the networking tools and variations between the implementations in the OpenBSD and FreeBSD operating systems. Participants should bring a laptop for the hands on labs part and for note taking. The format of the session will be compact lectures interspersed with hands-on lab excercises based directly on the theory covered in the lecture parts. This session is an evolutionary successor to previous sessions. Slides for the most recent version of the PF tutorial session are up at https://nxdomain.no/~peter/pf_fullday.pdf, to be updated with the present version when the session opens.
  • Copy link
  • Flag this post
  • Block
Emelia 👸🏻 boosted
JesseBot
@jessebot@social.smallhack.org  ·  activity timestamp 2 months ago

Does anyone know of a public set of ModSecurity exceptions for the fediverse/ActivityPub I can take a look at? I'm setting it up for GoToSocial and Mastodon now and manually doing this is pain.

Update, @cloudymax and I started a plugin here:
https://github.com/small-hack/argocd-apps/blob/2b7995c6fae5ecbb3944c6c6f4b139d98b76e67f/ingress-nginx/modsecurity_plugins_configmap.yaml#L177

Still happy to collaborate on it, but also wanted to note there was a mention a year ago about making an ActivityPub plugin over at the OWASP CRS repo, so maybe we could donate to that if its ever created:
https://github.com/coreruleset/coreruleset/issues/3497#issuecomment-1902181156

#WAF #modsecurity #nginx #apache #firewall #webApplicationFirewall #mastodon #gotosocial #activitypub

  • Copy link
  • Flag this post
  • Block
JesseBot
@jessebot@social.smallhack.org  ·  activity timestamp 2 months ago

Does anyone know of a public set of ModSecurity exceptions for the fediverse/ActivityPub I can take a look at? I'm setting it up for GoToSocial and Mastodon now and manually doing this is pain.

Update, @cloudymax and I started a plugin here:
https://github.com/small-hack/argocd-apps/blob/2b7995c6fae5ecbb3944c6c6f4b139d98b76e67f/ingress-nginx/modsecurity_plugins_configmap.yaml#L177

Still happy to collaborate on it, but also wanted to note there was a mention a year ago about making an ActivityPub plugin over at the OWASP CRS repo, so maybe we could donate to that if its ever created:
https://github.com/coreruleset/coreruleset/issues/3497#issuecomment-1902181156

#WAF #modsecurity #nginx #apache #firewall #webApplicationFirewall #mastodon #gotosocial #activitypub

  • Copy link
  • Flag this post
  • Block
Stefano Marinelli boosted
Jason Tubnor 🇦🇺
@Tubsta@soc.feditime.com  ·  activity timestamp 2 months ago

Burning it in for 12 hours now. It consumes 17W at idle running #OpenBSD 7.7 without apmd and ramps to 35W during KARL. Firmware was updated to the latest supported for the model and VT-x extensions have been turned off, this is just a firewall.

Thermals are good with the case back together. In 20 degrees ambient, they are reporting:
hw.sensors.cpu0.temp0=39.00 degC
hw.sensors.acpitz0.temp0=27.80 degC (zone temperature)
hw.sensors.nvme0.temp0=40.00 degC, OK

I did clean the heat sink and CPU, then applied new thermal paste. Time to build some ansible playbooks for management and then apply them, ready for production. #firewall#IPv6

  • Copy link
  • Flag this post
  • Block
Jason Tubnor 🇦🇺
@Tubsta@soc.feditime.com  ·  activity timestamp 2 months ago

Burning it in for 12 hours now. It consumes 17W at idle running #OpenBSD 7.7 without apmd and ramps to 35W during KARL. Firmware was updated to the latest supported for the model and VT-x extensions have been turned off, this is just a firewall.

Thermals are good with the case back together. In 20 degrees ambient, they are reporting:
hw.sensors.cpu0.temp0=39.00 degC
hw.sensors.acpitz0.temp0=27.80 degC (zone temperature)
hw.sensors.nvme0.temp0=40.00 degC, OK

I did clean the heat sink and CPU, then applied new thermal paste. Time to build some ansible playbooks for management and then apply them, ready for production. #firewall#IPv6

  • Copy link
  • Flag this post
  • Block
Stefano Marinelli boosted
joany
@joany@mastodon.bsd.cafe  ·  activity timestamp 2 months ago
#Firewall that doesn't give you any surprises?
What do YOU got?

Id love to see some #solaris #illumos examples

  • Copy link
  • Flag this post
  • Block
joany
@joany@mastodon.bsd.cafe  ·  activity timestamp 2 months ago
#Firewall that doesn't give you any surprises?
What do YOU got?

Id love to see some #solaris #illumos examples

  • Copy link
  • Flag this post
  • Block
Michael Dexter boosted
Peter N. M. Hansteen
@pitrh@mastodon.social  ·  activity timestamp 4 months ago

Long rumored, eagerly anticipated by some, you can now PREORDER "The Book of PF, 4th edition" https://nostarch.com/book-of-pf-4th-edition for the most up to date guide to the OpenBSD and FreeBSD networking toolset #openbsd #freebsd #networking #pf #packetfilter #firewall #preorder #security

  • Copy link
  • Flag this post
  • Block
Peter N. M. Hansteen
@pitrh@mastodon.social  ·  activity timestamp 4 months ago

Long rumored, eagerly anticipated by some, you can now PREORDER "The Book of PF, 4th edition" https://nostarch.com/book-of-pf-4th-edition for the most up to date guide to the OpenBSD and FreeBSD networking toolset #openbsd #freebsd #networking #pf #packetfilter #firewall #preorder #security

  • Copy link
  • Flag this post
  • Block
Debacle
@debacle@framapiaf.org  ·  activity timestamp 6 months ago
@sbb @raucao @prosodyim

Unfortunately, public wifi and other badly configured #firewalls killed the concept of TCP ports. There is only one port left, that's 443 for everything.

Some people argue, it is a blessing for #privacy, because all our criminal #Jabber usage is hidden now.

  • Copy link
  • Flag this post
  • Block
r1w1s1
@r1w1s1@snac.bsd.cafe  ·  activity timestamp 6 months ago

Comparing firewall syntax for SSH (port 22) with default-deny:
================================================

#iptables (Linux)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP

#nftables (Linux)
nft add rule inet my_filter input tcp dport 22 accept
nft add rule inet my_filter input drop

#ufw (Linux - simplified frontend to iptables)
ufw allow 22/tcp
ufw default deny incoming

#pf (OpenBSD)
pass in proto tcp to port 22
block all

pf’s syntax feels so elegant, human-readable, & minimal!

After 20years scripting iptables, I’m ready to try UFW on my laptop.
#firewall #sysadmin #pf #iptables #ufw #nftables

  • Copy link
  • Flag this post
  • Block
Log in

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances
Bonfire social · 1.0.0-rc.3.21 no JS en
Automatic federation enabled
  • Explore
  • About
  • Members
  • Code of Conduct
Home
Login