Dual firewalls inside PF?
Hi, I am a newbie in OpenBSD and learning to use OpenBSD 6.5. I have a NUC6CAYH box with an ax88179 USB 3.0 to Ethernet adapter for setting up a secure gateway for my household.
I am wondering if it is possible to have two separate firewalls inside a single NUC6CAYH box? I mean one firewall to control the NIC traffic that is connected to the modem box, and another firewall to control the ax88179 USB 3.0 to Ethernet traffic that connects to the wireless router box, by using separate rulesets and tables inside PF. In between the firewalls I will set up a Privoxy (web content filtering) server and maybe an IDPS, if there is enough CPU and memory juice inside the NUC6CAYH box, to protect my young children on the internet, including preventing data leakage into the internet. Please advise, thank you.
You probably don't need two firewalls. Rules may be applied per network interface. If you are really going to do something advanced you may use multiple rtables/rdomains, but it is probably not necessary.
Privoxy is currently less useful than it used to be, because of secure connections (HTTPS) and HTTP/2 protocol. Maybe try DNS-based blocklists? https://www.privoxy.org/faq/misc.html#SSL https://www.privoxy.org/faq/misc.html#HTTP2
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase
Hi E1-531g,
Thank you for your quick response. I will have a go with a single firewall as you have suggested. Then I may add the second firewall later to see how it goes. My original plan was to have two controlled firewalls because the most common static ports 25, 53, 80, 110, 443, 445, etc. are always open, allowing malware to attack for unauthorised data leaks, botnets, backdoor access, etc., sending data back to bad guys or even rogue spooks/hackers, who knows. That is why I was thinking a firewall controlling the ax88179 USB 3.0 to Ethernet traffic to the wireless router box could close all these static ports at the firewall's end and use the proxy's customised port numbers. The firewall controlling the NIC traffic that is connected to the modem box may open these ports through the firewall's filtered known IP addresses to support Privoxy and the email gateway. Hope this makes more sense. :-) If Privoxy is becoming less useful, is there any other, better web content filtering software tool that supports the OpenBSD platform? Just curious, thanks.
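
The per-interface approach suggested in the reply, applied to the two-sided policy described in this thread, as an added example that is not part of any post: a single pf.conf where the LAN side only reaches the proxy and resolver on the gateway, and the WAN side only lets the gateway's own traffic out. Assumptions: re0 is the onboard NIC to the modem, axen0 is the ax88179 adapter, Privoxy has been configured to listen on the gateway's LAN address at its default port 8118, a local resolver runs on the gateway, and 192.0.2.25 is a constructed placeholder for a known mail server.

```conf
# /etc/pf.conf -- added example, not from the thread.
# Interface names, ports and addresses below are assumptions/placeholders.
ext_if     = "re0"      # onboard NIC, cabled to the modem (assumed name)
int_if     = "axen0"    # ax88179 USB adapter, cabled to the wireless router
proxy_port = "8118"     # Privoxy default; replace with a customised port

# Known mail servers the gateway may talk to (constructed placeholder address)
table <mailhosts> const { 192.0.2.25 }

set skip on lo
set block-policy drop

# Default deny on every interface. Nothing is forwarded between axen0 and
# re0, so no NAT rule is needed and net.inet.ip.forwarding can stay at 0.
block log all

# --- "Inner firewall": rules bound to the LAN-facing interface ---
# Clients may reach only the proxy and the DNS resolver on the gateway itself.
# Direct connections to 25, 80, 110, 443, 445 etc. fall through to the block.
pass in on $int_if inet proto tcp \
    from $int_if:network to ($int_if) port $proxy_port
pass in on $int_if inet proto { tcp, udp } \
    from $int_if:network to ($int_if) port domain

# --- "Outer firewall": rules bound to the modem-facing interface ---
# Only traffic that originates on the gateway leaves: the proxy's web
# fetches, the resolver's lookups, and mail to the listed hosts.
pass out on $ext_if inet proto tcp \
    from ($ext_if) to any port { 80, 443 }
pass out on $ext_if inet proto { tcp, udp } \
    from ($ext_if) to any port domain
pass out on $ext_if inet proto tcp \
    from ($ext_if) to <mailhosts> port { smtp, pop3 }
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`.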