As I have mentioned in my how-to on creating an isolated network, I have several Amcrest IP cameras (affiliate link) on an isolated network which I use mostly as high quality baby camera monitors. Recently my family decided to get an outdoor camera (affiliate link) to put on the front porch and a video doorbell (affiliate link) for the front door to help monitor the entire front of our house.
A DMZ (demilitarized zone) is a segmented part of a network that is used to host all publicly accessible websites and services. The intention is to protect the internal network from external threats. It is an effective strategy to minimize public exposure of your critical assets as well as limit the damage caused when an intruder is able to penetrate your network. A great definition of a DMZ can be found here.
In my network, I created an alias for all of the ports I have open on my server so that I can create firewall rules to allow several of my VLANs to access the services hosted on my server. The benefit of creating an alias is that I do not need to create 4 separate firewall rules to open 4 different ports to my server and then repeat this process for each VLAN I need to allow access (yes, you could use floating rules or rule groups depending on the order you need rules to be processed).
When looking up information on how to write firewall rules in OPNsense, you may be looking for specific examples on how to block or allow certain types of network traffic rather than how to write firewall rules in general. This is especially true once you become more experienced and comfortable with writing rules. I thought it would be a good idea to consolidate a variety of scenarios into a single how-to that could be used as a quick reference guide.
Cable Haunt is a recent vulnerability that has been found in over 200 million cable modems in Europe and likely many more in other countries as well. Many modern modems use similar Broadcom chipsets and used the same reference firmware which contained the vulnerability. Because of this, the impact of this vulnerability is much greater than it would have been otherwise. Software running in many (probably nearly all) consumer modems have not implemented best practices for security.
