submitted 10 months ago by kY2iB3yH0mN8wI2h@alien.top to c/homelab@selfhosted.forum

1 comments fedilink hide all child comments

This bugs me a bit so just seeking out to see what you folks do here, at lest you who work in security or have a security oriented homelab.

I do not generally allow any traffic between VLANs, all is isolated in the Switch, where different VLANs are in different routing instances (VRFs) and next-hop is my firewall. All traffic is L3.

Now when I'm testing new things and I need to login to a random web interface, at a random port I normally create an application on my firewall for that port, and add that port to a "baseline" I have for traffic from my office network to my different server networks. This works as indented and means I will never have any traffic I'm not aware of.

However this is also time consuming. So I'm thinking to allow all high ports (>1024) - for only one direction (office networks->server networks) but not sure this is a good idea either.

I'm also thinking to force (web admin X) to use 443. I could also use a web proxy that would allow high ports and use that while testing, but yea. all have their pro's and cons..

top 1 comments

sorted by: hot top controversial new old

[-] YO3HDU@alien.top 2 points 10 months ago

Or just allow anything from from trusted to untrusted.

The main concern is from untrusted to trusted that should always be denied.

this post was submitted on 26 Nov 2023

2 points (100.0% liked)

Homelab

371 readers

2 users here now

Rules

Be Civil.
Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
No memes or potato images.
We love detailed homelab builds, especially network diagrams!
Report any posts that you feel should be brought to our attention.
Please no shitposting or blogspam.
No Referral Linking.
Keep piracy discussion off of this community

founded 11 months ago

MODERATORS

communick@selfhosted.forum

rglullis@communick.news