Leaderboard


Popular Content

Showing content with the highest reputation on 05/12/2018 in all areas

  1. 1 point
    I've been debating on which direction to go with regards to my perimeter firewall on my home network. In talking to systems_glitch in IRC he suggested that I give OpenBSD a go (he probably regrets this as I've been bugging the crap out of him about it). I was a little gun shy about it at first since it would be my first experience with pf, and even OpenBSD itself, but the *NIX nerd in me decided to dive in head first. Although it's only been a couple of days, I am very happy with the setup!

    I used an old Dell OptiPlex 755 inherited from the ewaste pile at $dayjob. It's got an Intel Core2 Duo E650 2.33 GHz CPU, 8 GB RAM, a 128 GB SSD, gigabit NIC onboard. I happened to have an Intel PRO/1000 quad PCIe NIC in my stash which, other than needing a half-height bracket (ordered and en route from good ol' China), works beautifully. Until the bracket arrives I'll just run it with the cover off. The machine could use a nice dose of compressed air, too.

    Performance-wise I am very impressed. I was leery of a box like this being able to handle gigabit throughput between firewall zones, but this box handles it like a champ. CPU usage when doing scp between two hosts on separate zones is maybe 30% peak. I have enabled some additional logging since this testing so I suspect CPU usage will be higher... I plan to test this soon.

    Right now I'm using the onboard NIC as the "WAN" interface and a single interface on the PRO/1000 card for an inside zone. Eventually I'm going to put all 4 of the PRO/1000 interfaces in a LACP bond and set up multiple zones using VLANs, but that is dependent on another network project of mine that is still in progress.

    Before this I was using a Ubiquiti EdgeRouter PoE. I can tell you hands down I prefer pf & OpenBSD wayyyy more over EdgeOS/VyOS. If anyone has any tips/tricks on configuring pf security/performance-wise, I am all eyes.

    My config for reference (it's fairly basic right now): https://ghostbin.com/paste/sjfav

    And, the obligatory pics!