My XU4 just came in from Korea yesterday night, I'm using it to create a hardware firewall on my home network.
There are so many exploits for consumer networking devices, given that I run a home server I figured it would be in my best interest to not only have a hardware firewall for my domain, but one for my entire home network.
I have no social life, no friends, the only person I email is Terry Davis from fake email addresses such as the pope asking him to include networking in TempleOS.
I get excited at the prospect of installing Gentoo on a microcomputer such as this, I look forward to it all month.
Is this what they call autism?
Also, should I continue using iptables as my firewall software or does anyone have a better alternative?
You're wasting the XU4 on that role. Get something fanless with a more powerful CPU, better NICs, and no GPU.
>>61868139
what is there that's more powerful tho at a decent price? this has 8 cores in it, 2GB RAM and gigabit ethernet and USB 3.0 ports
I need the USB 3.0 because unless I can find one with two NICs, I need to do a USB to ethernet adapter for one of the interfaces
>>61868114
>Worried about exploits
>Orders device online
>NSA intercepts to add backdoor
>>61868241
If the NSA wants to hack me there likely isn't much I can do about it.
I want to at least keep out Ivan and Xi from trying to exploit my home network the best I can
>>61868114
Same here, I have a job, go to college, but nothing is related to IT, and I still love all this. It's not "autism" but yeah, regular people call it that. It's the DIY spirit.
Some infosec guys recommend using nftables instead of iptables, which is more advanced, but I haven't tried it personally.
>>61868452
huh.
thanks for the info, never heard of it, will research.
>>61868114
>worried about exploits
>installs Linux instead of OpenBSD
It's like you didn't get the memo about grsec or how shitty Linux is with security or something.
>>61868492
what is the equivalent of iptables in OpenBSD?
>>61868492
nice meme
enjoy no kernel level security
enjoy no ASLR
enjoy your backdoors
Anyone implying that BSD based firewalls are good doesn't know what they're talking about.
Enjoy your extremely subpar QoS. Nothing touches fq_codel and cake on Linux, and yes, the FreeBSD dummynet stuff in since 11R does implement fq_codel but it's not nearly as efficient as it is on Linux.
Best solution: use your distro of choice with nftables, the iptables replacement.
Preferably use one with good SELinux coverage like Fedora/CentOS (or even Debian, recent work on upstream refpolicy has come a long way).
Hardened kernels are useless now that grsec is dead. A hardened libc might be useful, but not as useful as SELinux.
>>61868535
pf
>>61868545
>kernel level security
That went the way of the dodo with grsec closing off their public source code.
>ASLR
>In 2003, OpenBSD became the first mainstream operating system to support a strong form of ASLR and to activate it by default
Are you fucking retarded or something? OpenBSD was the reason it exists in Linux.
>backdoors
Because a gigantic OS like Linux that accepts any patch anyone throws at it doesn't have hundreds of backdoors.
>>61868573
Except for RSBAC, you get covered a lot.
>>61868594
You are implying a lot there friendo. I get your corrections but that is no reason to be so biased towards BSD.
BSD is dead, just accept it.
>>61868160
PC Engines APU boards are more powerful (amd64 kicks the crap out of ARM), fanless, headless, have 3 NICs, and support pfSense. That XU4 really wants to be used for desktoppy or GPIO things.