• oatscoop@midwest.social
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    9 months ago

    Every single one of my “internet facing” devices is blocked from accessing the internet at the router. If I want to access them they either get added to my HomeAssistant instance or another computer that’s only accessible from the outside through my VPN.

    All of the convenience with the privacy concerns practically eliminated. It costs $6 a month in hosting for the VPS I set the wireguard server up on.

      • towerful@programming.dev
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        9 months ago

        Routing, NAT and firewall are pretty complex things because its the backbone of everything: phones, websites, enterprises, government. It all uses the same tech. And very few networks are the same (the exception being consumer broadband home networks).
        The money for development is in the products for enterprise, so they have to have all the tuneables available and seem hugely complex to non-specialist users.

        So, there arent really any “easy” router/firewalls that are also flexible.

        Ubiquiti & TP-link do Software Defined Network stuff, abstracts away a lot of the complexity. But as soon as you want to do anything complex, you are digging into CLI and might as well use something designed for that.

        OpenWRT is apparently pretty good. Ive never used it.

        I now use OPNSense. Essentially freeBSD set up as a router/firewall, with a nice webGUI and loads of flexibility.
        I feel like this is what you are looking for

        I also dable in Mikrotik routers, and im considering moving to their RouterOS… Or even one of their appliances.

        openWRT, OPNSense, RouterOS can be installed on your own hardware. So you could use an old desktop, stick a decent network card in it and use that with a bridge modem.