<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jan 2, 2017 at 8:13 PM, Alex Carver <span dir="ltr"><<a href="mailto:agcarver+ale@acarver.net" target="_blank">agcarver+ale@acarver.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 2017-01-02 16:55, DJ-Pfulio wrote:<br>
</span><span class="">> On 01/02/2017 06:55 PM, Robert L. Harris wrote:<br>
>> Linux firewall<br>
><br>
> That can mean almost anything.<br>
><br>
> VLANs are "suggestions", not security, unless there is physical separation at<br>
> some point.<br>
><br>
> Better to segment the network using a different router port for each subnet and<br>
> separate "dumb" switches for each, as needed.<br>
><br>
> This is actually how I do it, but with pfsense for the router. A normal linux<br>
> distro can do it, just tie the firewall rules to the specific interface. Don't<br>
> know about typical $20 home routers.<br>
<br>
</span>If you have a router with something like OpenWRT installed then it can<br>
handle tagging, too. Otherwise it's probably easiest to get something<br>
like a Ubiquiti EdgeRouter if an appliance is desired instead of rolling<br>
one from scratch.<br>
<div class="HOEnZb"><div class="h5"><br>
</div></div></blockquote></div><div class="gmail_extra"><br></div>Like JD, I use pfsense, but I also have a Netgear GT748 switch that does vlans. I have four that my pfsense manages: </div><div class="gmail_extra"><br></div><div class="gmail_extra">vlan1 <a href="http://192.168.1.0/24">192.168.1.0/24</a> things that can be open </div><div class="gmail_extra">vlan2 <a href="http://192.168.5.0/24">192.168.5.0/24</a> things that are blocked (my kids' network, they have their own wireless network)</div><div class="gmail_extra">vlan3 <a href="http://192.168.10.0/24">192.168.10.0/24</a> things that I need for work, they can be accessed via my openvpn </div><div class="gmail_extra">vlan4 <a href="http://192.168.253.0/24">192.168.253.0/24</a> openvpn </div><div class="gmail_extra"><br></div><div class="gmail_extra">I know it's a bit much, but after catching someone spying on me this summer, I had to bring things out. With kids under 18, I feel much better that I am monitoring and blocking things. Like, my 5 year old finds youtube videos of things I am not ready to talk about so easily; they are blocked now. The firewall logs are great. You can click on an IP and set up rules right there, in a matter of seconds. </div><div class="gmail_extra"><br></div><div class="gmail_extra">I tried to do this with openSUSE; they have a great firewall that is built in, but iptables rules can be hard to write. One thing that won me over more with pfsense was the fact I had a hard fail on my Saturday. I fired up a virt, took a backup that I had made and restored it, and it installed all my add-ons (nmap, openvpnclient, darkstat, and more) without me asking. It read it from the config; I only lost two vpn accounts because they were made after my last backup. But I was only down for 15 mins. I have since replaced the drive and it is back up with the updated config. Doing a fresh install of openSUSE or Debian usually takes much longer. 
<br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Terror PUP a.k.a<br>Chuck "PUP" Payne<br>-----------------------------------------<br>Discover it! Enjoy it! Share it! openSUSE Linux.<br>-----------------------------------------<br>openSUSE -- Terrorpup<br>openSUSE Ambassador/openSUSE Member<br>skype,twitter,identica,friendfeed -- terrorpup<br>freenode(irc) --terrorpup/lupinstein<br>Register Linux Userid: 155363<br> <br>Have you tried SUSE Studio? Need to create a Live CD, an app you want to package and distribute, or create your own linux distro. Give SUSE Studio a try.</div></div>
</div></div>