Sicherheitsupdate: Unberechtigte Zugriffe auf Zyxel-Firewalls möglich

Angreifer können bestimmte Firewalls von Zyxel attackieren. Angriffe sind aber nicht ohne Weiteres möglich.

https://www.heise.de/news/Sicherheitsupdate-Unberechtigte-Zugriffe-auf-Zyxel-Firewalls-moeglich-10794033.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Firewall #IT #Patchday #Security #Sicherheitslücken #Updates #news

Sicherheitsupdate: Unberechtigte Zugriffe auf Zyxel-Firewalls möglich

Angreifer können bestimmte Firewalls von Zyxel attackieren. Angriffe sind aber nicht ohne Weiteres möglich.

https://www.heise.de/news/Sicherheitsupdate-Unberechtigte-Zugriffe-auf-Zyxel-Firewalls-moeglich-10794033.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Firewall #IT #Patchday #Security #Sicherheitslücken #Updates #news

Tomorrow 2025-09-25 at 10:30 CEST, the refreshed "Network Management with the OpenBSD Packet Filter Toolset" https://events.eurobsdcon.org/2025/talk/FW39CX/ by yours truly, @stucchimax and Tom Smyth will start at #eurobsdcon.

We will put the updated slides online just before the session starts.

#openbsd #freebsd #pf #packetfilter #networking #firewall #trickery #security

Tomorrow 2025-09-25 at 10:30 CEST, the refreshed "Network Management with the OpenBSD Packet Filter Toolset" https://events.eurobsdcon.org/2025/talk/FW39CX/ by yours truly, @stucchimax and Tom Smyth will start at #eurobsdcon.

We will put the updated slides online just before the session starts.

#openbsd #freebsd #pf #packetfilter #networking #firewall #trickery #security

Does anyone know of a public set of ModSecurity exceptions for the fediverse/ActivityPub I can take a look at? I'm setting it up for GoToSocial and Mastodon now and manually doing this is pain.

Update, @cloudymax and I started a plugin here:
https://github.com/small-hack/argocd-apps/blob/2b7995c6fae5ecbb3944c6c6f4b139d98b76e67f/ingress-nginx/modsecurity_plugins_configmap.yaml#L177

Still happy to collaborate on it, but also wanted to note there was a mention a year ago about making an ActivityPub plugin over at the OWASP CRS repo, so maybe we could donate to that if its ever created:
https://github.com/coreruleset/coreruleset/issues/3497#issuecomment-1902181156

#WAF #modsecurity #nginx #apache #firewall #webApplicationFirewall #mastodon #gotosocial #activitypub

Does anyone know of a public set of ModSecurity exceptions for the fediverse/ActivityPub I can take a look at? I'm setting it up for GoToSocial and Mastodon now and manually doing this is pain.

Update, @cloudymax and I started a plugin here:
https://github.com/small-hack/argocd-apps/blob/2b7995c6fae5ecbb3944c6c6f4b139d98b76e67f/ingress-nginx/modsecurity_plugins_configmap.yaml#L177

Still happy to collaborate on it, but also wanted to note there was a mention a year ago about making an ActivityPub plugin over at the OWASP CRS repo, so maybe we could donate to that if its ever created:
https://github.com/coreruleset/coreruleset/issues/3497#issuecomment-1902181156

#WAF #modsecurity #nginx #apache #firewall #webApplicationFirewall #mastodon #gotosocial #activitypub

Burning it in for 12 hours now. It consumes 17W at idle running #OpenBSD 7.7 without apmd and ramps to 35W during KARL. Firmware was updated to the latest supported for the model and VT-x extensions have been turned off, this is just a firewall.

Thermals are good with the case back together. In 20 degrees ambient, they are reporting:
hw.sensors.cpu0.temp0=39.00 degC
hw.sensors.acpitz0.temp0=27.80 degC (zone temperature)
hw.sensors.nvme0.temp0=40.00 degC, OK

I did clean the heat sink and CPU, then applied new thermal paste. Time to build some ansible playbooks for management and then apply them, ready for production. #firewall#IPv6

Burning it in for 12 hours now. It consumes 17W at idle running #OpenBSD 7.7 without apmd and ramps to 35W during KARL. Firmware was updated to the latest supported for the model and VT-x extensions have been turned off, this is just a firewall.

Thermals are good with the case back together. In 20 degrees ambient, they are reporting:
hw.sensors.cpu0.temp0=39.00 degC
hw.sensors.acpitz0.temp0=27.80 degC (zone temperature)
hw.sensors.nvme0.temp0=40.00 degC, OK

I did clean the heat sink and CPU, then applied new thermal paste. Time to build some ansible playbooks for management and then apply them, ready for production. #firewall#IPv6

Id love to see some #solaris #illumos examples

Id love to see some #solaris #illumos examples

Long rumored, eagerly anticipated by some, you can now PREORDER "The Book of PF, 4th edition" https://nostarch.com/book-of-pf-4th-edition for the most up to date guide to the OpenBSD and FreeBSD networking toolset #openbsd #freebsd #networking #pf #packetfilter #firewall #preorder #security

Long rumored, eagerly anticipated by some, you can now PREORDER "The Book of PF, 4th edition" https://nostarch.com/book-of-pf-4th-edition for the most up to date guide to the OpenBSD and FreeBSD networking toolset #openbsd #freebsd #networking #pf #packetfilter #firewall #preorder #security

Unfortunately, public wifi and other badly configured #firewalls killed the concept of TCP ports. There is only one port left, that's 443 for everything.

Some people argue, it is a blessing for #privacy, because all our criminal #Jabber usage is hidden now.

Comparing firewall syntax for SSH (port 22) with default-deny:
================================================

#iptables (Linux)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP

#nftables (Linux)
nft add rule inet my_filter input tcp dport 22 accept
nft add rule inet my_filter input drop

#ufw (Linux - simplified frontend to iptables)
ufw allow 22/tcp
ufw default deny incoming

#pf (OpenBSD)
pass in proto tcp to port 22
block all

pf’s syntax feels so elegant, human-readable, & minimal!

After 20years scripting iptables, I’m ready to try UFW on my laptop.
#firewall #sysadmin #pf #iptables #ufw #nftables