OPNsense Virtual Firewall on Proxmox — Homelab Security

Deploy OPNsense as a virtualized firewall on Proxmox with VLAN segmentation, Suricata IDS/IPS, and WireGuard VPN. Real VM configs, bridge setup, firewall rules, and performance tuning.

June 15, 2026 · 8 min · 1703 words · GnTech

Docker nftables Firewall Backend — Native Firewall for Containers

Migrate Docker from iptables to the native nftables firewall backend. Configure docker daemon.json for nftables on Debian 13, test port publishing, and troubleshoot common migration issues.

June 6, 2026 · 10 min · 1979 words · GnTech

Fail2ban Docker Deployment — SSH and Service Protection for Homelab

Protect your homelab from brute-force attacks with Fail2ban. Deploy on bare-metal for SSH and configure custom jails for Docker containers using Traefik and Nginx logs with email alerting.

June 3, 2026 · 8 min · 1559 words · GnTech

nftables Linux Firewall — Practical Homelab Security with nftables

A practical nftables firewall guide for homelab servers — write IPv4 and IPv6 rule sets, handle Docker integration, rate-limit SSH access, log dropped traffic, and persist rules with systemd on Debian 12 / Ubuntu 24.04.

May 27, 2026 · 11 min · 2244 words · GnTech

MikroTik RouterOS 7 Firewall — Rules, FastTrack, and Connection Tracking

Configure a production-ready MikroTik RouterOS 7 firewall — understand filter, NAT, mangle, and raw tables, enable FastTrack for wire-speed forwarding, implement connection tracking state rules, and build brute force protection with dynamic address lists.

May 24, 2026 · 9 min · 1771 words · GnTech

Proxmox VE Security Hardening — Firewall, 2FA, and Fail2ban

A comprehensive Proxmox VE hardening guide covering firewall rules, TOTP 2FA, Fail2ban, SSH lockdown, AppArmor, and unattended upgrades — secure your hypervisor beyond default settings.

May 20, 2026 · 10 min · 2113 words · GnTech

Docker Bypasses UFW — How to Fix Firewall Rules Properly

You set up UFW. You configured default deny incoming, opened only ports 22 and 443. You checked ufw status verbose — everything looks right. Then you spin up a Postgres container publishing port 5432, and suddenly port 5432 is open to the whole internet. Your UFW rules didn’t stop it. This isn’t a bug. Docker writes its own iptables rules directly, outside the chains UFW manages. Every docker run -p adds a DNAT rule to the nat table (the DOCKER chain, reached from PREROUTING) that rewrites the destination to the container’s address before the routing decision, so the packet is forwarded rather than delivered locally: it traverses the FORWARD chain, where Docker’s DOCKER-USER and DOCKER chains sit ahead of UFW’s, and never touches the INPUT chain where your ufw allow rules live. The result: published container ports are reachable regardless of your UFW policy. ...
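The following is an added example, not code from the post above or from Docker: an offline audit that reads iptables-save nat-table output, lists every port Docker has published without a host-address restriction (and therefore DNATs for any inbound interface, whatever UFW's INPUT policy says), and generates DOCKER-USER rules to limit them. The sample rules are hand-constructed to mirror real iptables-save formatting, and the WAN interface name (eth0), the trusted subnet (192.168.10.0/24) and the set of intentionally public ports are assumptions. It also handles the gotcha that FORWARD sees the packet after DNAT, so the rules match the original host port via conntrack rather than --dport.

```python
import re
from dataclasses import dataclass

# Constructed sample of `iptables-save -t nat` output (hand-written, not from a live host).
# 5432 and 443 were published with plain -p; 6379 was published as 127.0.0.1:6379.
SAMPLE_NAT = """\
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.17.0.2:5432
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 6379 -j DNAT --to-destination 172.17.0.3:6379
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.17.0.4:8443
COMMIT
"""


@dataclass(frozen=True)
class Published:
    proto: str
    host_port: int
    bind: str        # the -d match Docker added, or "0.0.0.0/0" when there is none
    container: str   # DNAT target, e.g. 172.17.0.4:8443


def _opt(pattern, line, default=None):
    m = re.search(pattern, line)
    return m.group(1) if m else default


def parse_docker_dnat(text):
    """Extract the DNAT rules Docker installs in its nat-table DOCKER chain."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not (line.startswith("-A DOCKER ") and " -j DNAT " in line):
            continue
        rules.append(Published(
            proto=_opt(r" -p (tcp|udp)\b", line),
            host_port=int(_opt(r" --dport (\d+)", line)),
            bind=_opt(r" -d (\S+)", line, "0.0.0.0/0"),
            container=_opt(r" --to-destination (\S+)", line),
        ))
    return rules


def exposed_everywhere(rules):
    """Rules with no -d match DNAT for any destination address, i.e. the
    port answers on every interface; UFW's INPUT chain never sees it."""
    return [r for r in rules if r.bind == "0.0.0.0/0"]


def docker_user_rules(rules, wan_if="eth0", trusted="192.168.10.0/24", public_ports=(443,)):
    """Build DOCKER-USER rules (assumed names/subnets) for every fully exposed port
    that is not meant to be public. DOCKER-USER runs before Docker's own FORWARD
    rules, which is why it works where ufw's chains do not. By the time FORWARD
    runs, DNAT has already rewritten the destination port, so we match the
    original host port with conntrack instead of --dport."""
    lines = []
    for r in exposed_everywhere(rules):
        if r.host_port in public_ports:
            continue
        match = f"-p {r.proto} -m conntrack --ctdir ORIGINAL --ctorigdstport {r.host_port}"
        # -I prepends, so emit DROP first and the trusted-source RETURN second:
        # the RETURN then ends up above the DROP.
        lines.append(f"-I DOCKER-USER -i {wan_if} {match} -j DROP")
        lines.append(f"-I DOCKER-USER -s {trusted} {match} -j RETURN")
    return lines


if __name__ == "__main__":
    found = parse_docker_dnat(SAMPLE_NAT)
    for r in exposed_everywhere(found):
        print(f"EXPOSED on all interfaces: {r.proto}/{r.host_port} -> {r.container}")
    print("\n".join("iptables " + l for l in docker_user_rules(found)))
```

On a real host feed it `iptables-save -t nat` and apply the printed rules with root; the DOCKER-USER chain survives Docker restarts, whereas rules inserted directly into FORWARD may not.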

May 10, 2026 · 6 min · 1217 words · GnTech

Building R1 — A MikroTik Router for VLAN-Segmented Homelab

Every homelab needs a solid network foundation. This guide walks through the full configuration of R1 — a MikroTik edge router with segmented VLANs, inter-VLAN firewalling, WireGuard VPN, and a Cloudflare Tunnel running directly on the router. The config below is based on RouterOS 7.22.1. Commands are split by section so you can follow along step-by-step. Replace anything in <> with your own values.

Hardware
Model: MikroTik E62iUGS-2axD5axT
OS: RouterOS 7.22.1
WAN: GPON FTTH (PPPoE on VLAN 100)

Port Layout
Port    Role    Access VLAN   Notes
SFP1    WAN     —             GPON ONT, native VLAN 1 for ONT access
Ether1  CCTV    50            Untagged, camera network
Ether2  MGMT    99            Untagged, management
Ether3  MGMT    99            Untagged, secondary management
Ether4  HOME    10            Untagged, main home LAN
Ether5  Trunk   Tagged        Inter-switch link carrying all VLANs

Step 1 — Bridge Setup
Create the main bridge with VLAN filtering enabled, and a separate bridge for container veth interfaces: ...

May 7, 2026 · 11 min · 2282 words · GnTech