Old Profile: https://beehaw.org/u/Mikelius
Lots of comments already mentioning the differences. I have tried these, including the mentioned ipfire, and decided on the end to use opnsense plus openwrt on two different devices.
I chose opnsense at the time many years ago because it supported wireguard out of the box, where as pfsense required some weird install process I didn't want to deal with. Plus I liked the UI to opnsense more.
My moden has been literally replaced by my firewall so I have the ONT connected to it and then use it to do all the heavy lifting for... Well, firewall stuff. It connects to a VPN so my entire network routes through the VPN. Then my openwrt device is connected to that. It also handles firewall stuff, but more at an internal level (keeping network devices only permitted to communicate with devices I say are okay, blocking internet access, etc) and also hosts my nginx setup to route to various servers.
While I could do everything on one machine with opnsense, I've got a particular setup that allows me to have multiple devices at the firewall level, truly isolated from the rest of my internal network (for a couple of internet open port services). And it gives me peace of mind that if someone found a zero day in opnsense, I'm not totally screwed unless they also got one in openwrt.
To answer "which is better to begin with", I personally find opnsense way more flexible and robust than the other 2 options. Has a lot more capabilities and upgrading is super easy without requiring jumping through weird hoops and such like openwrt does.
Unless it's my cat. Got heavily filtered water and use it to fill 3 different fountain bowls in different parts of the house (none near the food source, but I did that because if they are, she'll eat her food over them...) and the cat still demands I turn the sink on instead. Same exact water, and even though I change her water out almost every other day, the sink wins. Just glad she hasn't figured out how to turn it on yet...
Funny enough the last fountain I got looks like a faucet and she's like "nah I'm not stupid, turn the sink on."
I'll have to check out TrackerControl, that's a new one to me!
I have seen app manager but currently use AppOps. I didn't recommend AppOps above because I'm not sure it's still supported or not, and it's also not really Foss. It's treated me well over the years, but I'm definitely interested in finding a better alternative. The last time I checked app manager, it wasn't as good... But maybe that's changed as it's been several years now so I think I might be due for looking at it again!
My wireguard connection on my phone connects to my home network to an pi hosting my internal VPN... But the network is completely covered by a mullvad VPN through opnsense. I've got pihole setup using the mullvad anti-trackkng private DNS. With this setup, the only real need I have for root on my phone is because I do some pretty low level automation on it through crond and some backups of core app data that I'd really hate to lose... And the complex firewall rules lol.
This is where rooting the phone is required. I use wireguard without root and have AFWall granted with root at bootup so it doesn't require acting as a VPN
- AFWall+ firewall to allow list apps to internet using your preferred method (e.g. VPN, wifi, data, etc)
- PcapDroid to help monitor and analyze packets, or to just confirm things aren't communicating unexpectedly
- AdAway if you're not using your own dedicated dns over a permanent VPN connection
If not all 3 of these, AFWall is probably the best to go with. Having a way to not only block Apps, but also define your own custom firewall rules is very powerful. For example, I redirect all DNS requests to my own DNS with a custom rule (for apps, like Termux, using hardcoded DNS lookups instead of what the phone is set to)
I totally thought because of how long the equals looked, it was multiple equals characters, not just >>= lol. That's what got me confused. Don't think these are things I'd personally use but each to their own preferences right xD
What is that weird >>=== symbol? Looks like a cross breed between C and JavaScript here.
Try using the private IP options instead and see if that works. The generic one being 10.64.0.1, but other options that include ad voicing and such ranging from 100.64.0.1 to 100.64.0.25 or something like that. I've got my entire network setup behind their VPN and a a pihole pointing to one of their private DNS addresses without any issues. I left their pubic DNS years ago so that I could make sure my DNS requests were always within the tunnel instead
- JumpDeleted
deleted by creator
Remember, you can always opt out of sending any technical or usage data to Firefox.
How about you show you respect user privacy by making it an opt-in...?
Feels like no matter where I turn, even the "privacy friendly" options turn away from privacy eventually.
I hate short variable names in general too, but am okay with them for iterators where i and j represent only indices, and when x/y/z represent coordinates (like a for loop going over x coordinates). In most cases I actually prefer this since it keeps me from having to think about whether I'm looking at an integer iterator or object/dictionary iterator loop, as long as the loop remains short. When it gets to be ridiculous in size, even i and j are annoying. Any other short names are a no go for me though. And my god, the abbreviations... Those are the worst.
Not much for myself, like many others. But my backups are manual. I have an external drive I backup to and unplug as I intentionally want to keep it completely isolated from the network in case of a breach. Because of that, maybe 10 minutes a week? Running gentoo with tons of scripts and docker containers that I have automatically updating. The only time I need to intervene the updates is when my script sends me a push notification of an eselect news item (like a major upcoming update) or kernel update.
I also use a custom monitoring software I wrote that ties into a MySQL db that's connected to with grafana for general software, network alerts (new devices connecting to network, suspicious DNS requests, suspicious ports, suspicious countries being reached out to like china, etc) or hardware failures (like a raid drive failing).... So yeah, automate if you know how to script or program, and you'll be pretty much worry free most of the time.
Plus 1 to openvas. UI is indeed horrendous though.
Be careful running high load tests against sensitive devices. I once ran it against a PoE switch I used for my cameras and it did something so crazy that it required me not to only power cycle the switch, but to disconnect all the cameras first and then power cycle. Was super confusing and felt like it found a way to short the device lol. Scared the hell out of me.
That being said, I've found many many things to improve on my devices thanks to openvas.
- JumpDeleted
Permanently Deleted
It's not free, they ask you to buy credits. I didn't buy any so don't know how much they cost, but just mentioning to make this clear.
I assume anyone who's set their profile to private without sharing apps, external links, etc, and only go to private servers wouldn't have much to worry about against this scenario?
Even if a game doesn't look like it'll work based on protondb, try it anyway. Many times I've had games that were marked as low ratings start up without any changes lol. I remember even when d4 beta came out, I saw people struggling to install and play it on the first weekend... Worked out of the box for me.
I also use Linux mint with cinnamon... Is this not just the Ctrl + Fn + arrow key? I think that's it, or maybe shift (not at my computer to check). Either way, I use this all the time to fit windows either on 50% of the left or right, or in one of the 4 corners. For example, if I want it in the top right, I just use the hot keys and target right then up.
I tend to find out about vulnerabilities before it hits the news outlets from the rss feed at https://seclists.org/oss-sec/
Other than that, I've got a bunch of other security feeds I follow and also have automated updates with just about everything.
I personally use it on a protectli with the 2.5G ports. I also replaced my ISP modern with a protectli running OpnSense. Decided to opt into that as my solution to have two different softwares protecting my network and also so I could scope internet facing devices at the OpnSense level instead of internal to the network. Just in case they get compromised, they can't access the rest of the network. Call me paranoid... But I also find it much easier to manage lol.
If you have a pi or Linux box, try setting it up as a syslog server. Then tell opnsense to use that for forwarding logs to. Doesn't guarantee you'll see what went wrong, but maybe it'll help.
I'm not sure opnsense has journalctl or something similar, but that would be a good place to look for some history, too.
Okay hopefully attaching images work on this app, never tried on Lemmy lol. I blocked the domain on my network firewall and then unblocked it from the DNS to confirm... and yes, the latest rustdesk appimage still calls out. I guess my memory of trying to disable the relay server was to try and force it to localhost in the settings. Could have swore there was a checkmark setting in there, but maybe that was some other software. The fields are default blank I believe.
However... I just tried to put 127.0.0.1 in ALL the fields (unlike the screenshot, which was when I checked what I had in there before), and it appears to now to call localhost. Either I goofed before, or it was fixed recently, because I am pretty sure I did try that before. It doesn't get you around the very first call made when running the software of course... Opt out, not opt in, lol. But hey at least it's possible now? I just tried on mobile and it worked there to when filling everything in with 127.0.0.1.
I personally use mullvad for all outgoing traffic and then airvpn for any let forwarding I require. Basically airvpn is exclusive to incoming traffic, like my self hosted services or game servers, and then anything I do on the internet routes through mullvad. All setup through opnsense since they both support wireguard.
I always had issues with proton's port forwarding being reliable in the past. That being said, if you need things like video streaming services, mullvad seems to be having a hard time with these recently where as proton worked well for me back when I used it (unsure if that's still true).