this post was submitted on 30 Jun 2023
327 points (98.5% liked)

Programmer Humor

19572 readers
2011 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
Feyter@programming.dev
anzo@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
327
Firewall Alignment Chart (programming.dev)
submitted 1 year ago by Caust1c@programming.dev to c/programmer_humor@programming.dev
22 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] argv_minus_one@beehaw.org 2 points 1 year ago

In my apartment, I have a PC running Linux with four network interfaces:

  1. One Ethernet port built into the motherboard, connected to a switch that the rest of my hard-wired devices are connected to
  2. One PCIe Wi-Fi 5 card, serving as my apartment's wireless access point
  3. One USB Ethernet dongle, connected to my ISP's optical network terminal
  4. One USB Ethernet dongle, connected directly to an employer's PC (for working from home)

It forwards packets between all of these (i.e. is a router) and uses nftables (i.e. is a firewall).

The firewall is specially configured to isolate interface 4: it is only allowed to talk to the Internet and the router's DHCP and DNS servers, but not any other device in my apartment, nor any other process running on the router itself.

Seems pretty radical on both axes, but it's neat that I can do this with nothing but common consumer equipment and free software. No fancy Cisco gear required. And unlike the average home router, the software running on mine actually receives security audits and patches, so I consider it far more secure.