
Finally ditched my ISP’s router and installed my own opnsense firewall with my own Access Point. I have crowdsec running on opnsense to block attacks + adguard to block ads and malicious domains. My network is segmented between my homelab that is exposed and my AP.

Finally feels quite safe in my network 😅

[-] Decronym@lemmy.decronym.xyz 4 points 3 weeks ago* (last edited 3 weeks ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters | More Letters
AP | WiFi Access Point
DNS | Domain Name Service/System
IP | Internet Protocol
IoT | Internet of Things for device controllers

[Thread #47 for this comm, first seen 31st Jan 2026, 16:30]

[-] OhVenus_Baby@lemmy.ml 1 points 3 weeks ago

Doing the Lord's work! 🫶

[-] whimsy@lemmy.zip 2 points 3 weeks ago

Networking isn't my strong suit, so this might be a stupid question. But what exactly is a hardware firewall? Is it the same thing as my Internet facing router blocking incoming packets which haven't been requested from "inside the home" network?

[-] irmadlad@lemmy.world 1 points 3 weeks ago

A hardware firewall generally indicates a standalone appliance that is dedicated to being a firewall. Not to be confused with a software firewall as you would see with UFW, or Windows Defender. Modern routers do possess some of the same tenets of a hardware firewall, but a dedicated hardware firewall usually gives a broader range of defenses such as IDS/IPS, filtering, etc.

I have a dedicated hardware firewall in the form of pfSense. The 'black box' in OP's picture is the hardware firewall.

[-] peskypry@lemmy.ml 2 points 3 weeks ago

Good for you. I use OpenWrt on a decent router yet it's so flexible. I can create multiple VLANs with different firewall rules, multiple APs, Ad and IP blocking etc.

Honestly I can't imagine going back to a shitty ISP router ever.

[-] orbitz@lemmy.ca 1 points 3 weeks ago

I always get my ISP routers as pass through so network is controlled by my entry. I have never bothered doing much with it but it's nice to have the option.

I used to use a ddwrt firmware for years but eventually my hardware could never keep up with my net speeds and manufacturer firmware was faster. Trying an Omada network now seems alright but haven't added their wifi.

[-] Buffy@libretechni.ca 1 points 3 weeks ago

Even the wrong non-isp routers are ridiculous compared to OpenWrt capable ones. You're telling me I'm paying a huge premium to get a cutting edge Nighthawk, and then they shove a subscription service in my face to use any of these features? Let alone the security implications of having all your traffic routed through proprietary software. No thank you.

[-] SnotFlickerman@lemmy.blahaj.zone 1 points 3 weeks ago

I don't think we are the target audience for those, though, as weird as that sounds. More likely intended to be sold to less tech savvy people who are willing to pay for the convenience of some company handling their security.

[-] bytepursuits@programming.dev 1 points 3 weeks ago

Share some pictures and stats if you could. Do you see many probes?

[-] snekerpimp@lemmy.world 0 points 3 weeks ago

That looks exactly like the box I grabbed. Are you running your opnsense on the bare metal, or are you virtualizing it? My only regret for mine was not picking up more ram.

[-] pimpampoom@lemmy.zip 1 points 3 weeks ago

I’m running on bare metal. I have a physical homelab behind. Can’t you add ram?

[-] snekerpimp@lemmy.world 1 points 3 weeks ago

I could, if it wasn’t so damn expensive for 32gb

[-] kalpol@lemmy.ca 1 points 3 weeks ago

I can't imagine why you need 32gb for opnsense. I can run it on a single core and 1gb, unless I literally want every DNS blacklist loaded in which case 4gb

[-] umbrella@lemmy.ml 0 points 3 weeks ago* (last edited 3 weeks ago)

i recommend getting a fan blowing on that box. these get really hot at the slightest hint of some load.

[-] irmadlad@lemmy.world 1 points 3 weeks ago

It wouldn't be a bad idea. Right at this moment my temps are as such:

  • dev.cpu.0.temperature: 103 °F
  • dev.cpu.1.temperature: 103 °F
  • dev.cpu.2.temperature: 105 °F
  • dev.cpu.3.temperature: 109 °F
  • hw.acpi.thermal.tz0.temperature: 81 °F

IIRC, the case temp is like 194 freedom units. I've never really seen it get much higher than it is now.

[-] utjebe@reddthat.com 1 points 3 weeks ago

I bought a topton router with Intel N150. I was and still am disappointed with how much it heats up. Even at idle it's not really comfortable to touch it.

[-] umbrella@lemmy.ml 1 points 3 weeks ago

check thermal paste and get a fan attached to it. computer 120mm fans fit just right.

[-] utjebe@reddthat.com 1 points 3 weeks ago

I don't think thermal paste is the problem here, the whole box is god damn hot, so it conducts heat well. At wall it measures 14-15w consumption, got it there from like 20-22w that was on defaults. Given that N150 is 6W TDP, the whole system just runs hot.

A fan would help, but I wanted fanless for a reason.

[-] desentizised@lemmy.zip 1 points 3 weeks ago

TDP is a very misunderstood concept these days because it used to be a hard upper limit but now it's god knows what. The Spec Sheet is calling it "Processor Base Power". What might that be you ask? Well of course it is:

"The time-averaged power dissipation that the processor is validated to not exceed during manufacturing while executing an Intel-specified high complexity workload at Base Frequency and at the junction temperature as specified in the Datasheet for the SKU segment and configuration."

In other words it's just marketing mumbo jumbo. According to other users the N150 can draw as much as 20 up to 35 watts even. The fact that the heat is radiating well through your case sounds like a positive if anything. This is x86 we're talking about. The added complexity of that architecture over ARM comes at a price.

this post was submitted on 31 Jan 2026
21 points (100.0% liked)
