Firewalls

Inadvertently Opened SSH Remote Access

Be careful when using aliases because you could expose unnecessary services to the world...

In my network, I created an alias for all of the ports I have open on my server so that I can create firewall rules to allow several of my VLANs to access the services hosted on my server. The benefit of creating an alias is that I do not need to create 4 separate firewall rules to open 4 different ports to my server and then repeat this process for each VLAN I need to allow access (yes, you could use floating rules or rule groups depending on the order you need rules to be processed).
OPNsense Firewall Rule "Cheat Sheet"

A quick guide to creating firewall rules in various situations

When looking up information on how to write firewall rules in OPNsense, you may be looking for specific examples on how to block or allow certain types of network traffic rather than how to write firewall rules in general. This is especially true once you become more experienced and comfortable with writing rules. I thought it would be a good idea to consolidate a variety of scenarios into a single how-to that could be used as a quick reference guide.
How to Protect Against the Cable Haunt Vulnerability Using OPNsense

Is your modem vulnerable to Cable Haunt and your ISP has not provided a firmware update? Take matters into your own hands!

Cable Haunt is a recent vulnerability that has been found in over 200 million cable modems in Europe and likely many more in other countries as well. Many modern modems use similar Broadcom chipsets and used the same reference firmware, which contained the vulnerability. Because of this, the impact of this vulnerability is much greater than it would have been otherwise. The software running in many (probably nearly all) consumer modems has not implemented best practices for security.
Need an Offline Local Network for a Home Lab or IP Video Cameras?

Configure OPNsense to create an isolated VLAN with no Internet access

Having an offline local network with no Internet access can be useful for a number of reasons. A few that come to mind are home lab networks, non-cloud IoT device networks, and “closed circuit” IP security camera networks. For my network, I set up a separate offline IP security camera network that I am using as a baby monitor system (the quality is so much better and it is more secure than traditional baby monitors because I can lock down access from outside users).
Harden Your Home Network Against Network Intrusions

Configure intrusion detection in OPNsense

The Internet is full of malicious actors looking to take advantage of insecure networks and devices. While corporate and government networks may be the biggest targets because of the valuable data they possess, home users still need to be cautious. Phishing, usually via email, is the most common attack against home users. Fortunately, those attacks are typically easy to avoid for cautious users who do not blindly click every attachment and web link contained in their emails.