Finally ditched my ISP’s router and installed my own opnsense firewall with my own Access Point. I have crowdsec running on opnsense to block attacks + adguard to block ads and malicious domains. My network is segmented between my homelab that is exposed and my AP.

Finally feels quite safe in my network 😅

  • whimsy@lemmy.zip
    21 days ago

    Networking isn’t my strong suit, so this might be a stupid question. But what exactly is a hardware firewall? Is it the same thing as my Internet facing router blocking incoming packets which haven’t been requested from “inside the home” network?

    • irmadlad@lemmy.world
      21 days ago

      A hardware firewall generally indicates a standalone appliance that is dedicated to being a firewall. Not to be confused with a software firewall as you would see with UFW, or Windows Defender. Modern routers do possess some of the same tenets of a hardware firewall, but a dedicated hardware firewall usually gives a broader range of defenses such as IDS/IPS, filtering, etc.

      I have a dedicated hardware firewall in the form of pFsense. The ‘black box’ in OP’s picture is the hardware firewall.

  • Decronym@lemmy.decronym.xyz (bot)
    18 days ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters   More Letters
    AP              WiFi Access Point
    DNS             Domain Name Service/System
    IP              Internet Protocol
    IoT             Internet of Things for device controllers

    4 acronyms in this thread; the most compressed thread commented on today has 14 acronyms.

    [Thread #47 for this comm, first seen 31st Jan 2026, 16:30]

  • snekerpimp@lemmy.world
    21 days ago

    That looks exactly like the box I grabbed. Are you running your opnsense on the bare metal, or are you virtualizing it? My only regret for mine was not picking up more ram.

  • irmadlad@lemmy.world
    21 days ago

    OP, you may want to look into ntopng. I think opnsense has an ntopng plugin. I find it very useful for traffic analysis.

  • irmadlad@lemmy.world
    21 days ago

    > I have crowdsec running on opnsense to block attacks

    Crowdsec is a pretty good package. It does blocking, but is geared more to being an IDS. Opnsense supports Suricata, which is a more aggressive and all-encompassing IDS/IPS. I don’t think opnsense supports its cousin Snort.

    • pimpampoom@lemmy.zip (OP)
      21 days ago

      I considered suricata but for now I think crowdsec works well enough, I’ll see later if I think suricata could be more useful

      • irmadlad@lemmy.world
        21 days ago

        Cool, cool. I was just throwing it out there if you hadn’t considered it. It’s quite a powerful package.

    • Shabby4582@lemmy.world
      21 days ago

      Looks like one of the qotom/topton boxes you can find on aliexpress.

      Can also pick them up with preinstalled *sense from Protectli (which I did; I regretted nothing, totally great experience).

      • pimpampoom@lemmy.zip (OP)
        21 days ago

        Indeed it’s a topton mini pc/firewall. It costs 300€ on AliExpress :) I removed Pfsense and installed opnsense

  • SayCyberOnceMore@feddit.uk
    21 days ago

    Nice.

    Running different SSIDs too?

    I put all my IoT stuff on a dedicated 2.4-only network, VLANd it to the (pfsense) firewall which allows the VLAN trunk to be split into separate logical NICs that I apply different policies to, like no access to the internet, etc…

    • pimpampoom@lemmy.zip (OP)
      21 days ago

      At the moment I only have one WiFi instance, not planning to separate yet but it could be a future upgrade since I have a few IoT devices.