forum.ipfire.org

Ich habe diese Site genutzt: https://asciinema.org/a/189918

Es gab bei mir auch die komische doppelte Buchstaben, aber am ende hat es funktioniert. Und es lauft noch immer.

Entschuldige mein Deutsch bitte

Despite a busy end of the year, I still ordered the APU2D4 and I'm happy I did! At first I experienced some trouble with installation, but I just needed to follow the step-by-step and not experiment. After restoring the backups I locked myself out of the WUI, because the theme I used wasn't on the n...

Just another thing that comes to mind, if unbound is a recursive resolver, why would you want to configure upstream servers? Is that for speed purposes? I mean if unbound can check all the way up to the root servers, then you have your DNSSEC and QNAME minimisation right there, if you use upstream s...

Thanks for the updates UE, I've added them to the main post. I must say I haven't tested the tools yet, I'm fairly new to the IPFire environment in terms of installing software, I'm used to apt-get or building from git (sometimes), so I need to check how this ecosystem works exactly. I have in the m...

I believe iptables handles rules in chains, meaning it will handle the first rule in the first chain and subsequently iterates through the rules and respectively the chains. As far as I know - correct me if I'm wrong - iptables will stop once a matching rule has been found, so you need to accept the...

Hi UE, Thanks for the response, I did some checking into comp-lzo, which is 'simple' compression (now deprecated, because lz4 was implemented for speed reasons), it it - in certain scenarios - susceptible to attacks. See BEAST and CRIME: https://security.stackexchange.com/questions/51017/does-the-pr...

Hi all, I've been reading into why OpenVPN seems perform so poorly on fairly new devices. As it appears OpenVPN only runs on one thread, meaning higher frequencies are beneficial, but multiple cores aren't. Some searching did give me this repo, which claims it can run OpenVPN connections over multip...

Thanks for the explanation. :) I thought it would block incoming connections only, but it's a two-way block. Which - when I come to think of it - actually makes sense, you don't want any incoming traffic from compromised systems, but you also don't want any outgoing connection (exfiltrating data or ...

I've been kept a bit busy with some other investigations, like DNS hardening and trying to get DNSSEC and DoT working. I'm not quite there yet, but the deadline (2019) is drawing near, so I thought I'd investigate the Qotom too... The risk of no updates, i.e. NSA/KGB/GCHQ/etc is kind of a dealbreake...

I just came to the conclusion that using BOGON_FULL blocks 192.168.0.0/16, i.e. you can't access machines behind IPFire in that network as well ;) It's a two-way block. 11:28:53 DROP_BOGON_FULL red0 TCP 192.168.178.x 192.168.178.y 80(HTTP) In my case I can't reach the Fritzbox modem, not too much of...

Long post alert! this was one working topic since the first tries with the custom_forwarder in local.d ended up in a "local recursor" mode but did crashed also the entries in host.cgi (reported this in the linked thread) whereby i could localize the problem somewhere in the update_forwarders functio...

You can find it here: https://wiki.ipfire.org/optimization/st ... _hardening

Thanks, I just updated some parts, I must say I havent tested yet... when I quickly tested yesterday, my DNS was broken :( So I must find the time to test it thorougly :) Theres one other thing I don't understand, I will add it to the questions. When I configure unbound, what do the DNS settings in ...

This device is not supported, I believe it uses a different, unsupported, chipset and the price isn't too pretty for its performance.
If I recall correctly it isn't even on the roadmap right now, mostly due to the price in combination with not much added benefit.

Another good read: https://dnsprivacy.org/wiki/display/DP/ ... cy+Clients