this post was submitted on 26 Nov 2023

This bugs me a bit so just seeking out to see what you folks do here, at least you who work in security or have a security oriented homelab.

I do not generally allow any traffic between VLANs, all is isolated in the Switch, where different VLANs are in different routing instances (VRFs) and next-hop is my firewall. All traffic is L3.

Now when I'm testing new things and I need to log in to a random web interface, at a random port, I normally create an application on my firewall for that port, and add that port to a "baseline" I have for traffic from my office network to my different server networks. This works as intended and means I will never have any traffic I'm not aware of.

However this is also time consuming. So I'm thinking to allow all high ports (>1024) - for only one direction (office networks->server networks) but not sure this is a good idea either.

I'm also thinking to force (web admin X) to use 443. I could also use a web proxy that would allow high ports and use that while testing, but yeah, all have their pros and cons.

[–] YO3HDU@alien.top 2 points 1 year ago

Or just allow anything from trusted to untrusted.

The main concern is from untrusted to trusted that should always be denied.