starting to sound like a broken record in here but Pfsense with pfblockerng-dev.
Install it on any hardware you like. Video guides all over YouTube

The only reason I haven't gone this way is that I know nothing about pfsense. I just found out today it's free software. Good start. So I downloaded the latest build.
But I have no clue what to do with it now.
Do I grab an old PC I'm not using and install it on that?
I do have an IBM Lenovo Intel i350-T4 4x 1GbE 1000Base-T Gigabit Adapter......can I use that?
Is there a guide somewhere?
Nah. Because cloudflare only helps when accessing via the domain name. When they hit the IP directly, it completely bypasses anything cloudflare does. It should be considered useless when it comes to securing a network/server. OP would still need to do everything he originally intended to do from the firewall side. It'd be double the work. And, that's assuming OP is using a domain name and is only wanting to accept traffic over port 80/443...
This is not a replacement for an on-site firewall, no matter how you try to spin it.

Did you read what I said or just immediately dismiss it??
I'm not sure where the double duty is that you speak of. I'm also unsure of what kind of cost Spectrum is and whether or not it would be cheaper vs buying his own equipment.
- An assumption is made that he has a registered domain. Though if he's paying for a static IP, chances are good he's also got a domain registered.
- Configure his firewall to only accept connections for those services from CloudFlare's IPs.
- CloudFlare Spectrum is an additional service that allows CloudFlare to protect ports other than 80/443
I've worked a good bit with cloud based solutions recently. Using a cloud service like this may also cause additional latency, and your logs are stored in their cloud environment.

This is not a replacement for an on-site firewall, no matter how you try to spin it.
Check Point, Fortinet, Juniper, Palo and pretty much every other real firewall does this. Geo blocking isn't rocket science. I've done this for years at home with both Check Point and Fortigate appliances.
If your employer works with a Palo Alto Networks reseller you can get one for home use significantly discounted (or request a lab unit).

pfSense or Sophos if you're ok with a free solution.
I suggest Fortigate since this is for a business, though. I'd totally run Fortigate any day. Palo is my preferred, but Fortigate's a bit more palatable to the wallet.
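
The allowlist idea raised earlier in the thread (accept the proxied services only from CloudFlare's IPs, so that hits on the origin IP itself are dropped), sketched as an added example that is not from any poster. The CIDR ranges are constructed placeholders from documentation address space, and the `wan_if` macro, the `proxy_edges` table name and the function names are assumptions; the real ranges have to come from the provider's published list.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 documentation space). In practice,
# load the proxy provider's currently published edge ranges instead.
EDGE_RANGES = ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.0/24"]
PROXIED_PORTS = (80, 443)  # ports fronted by the proxy (assumption)

def load_networks(cidrs):
    """Parse CIDRs strictly (host bits set -> ValueError) and merge adjacent ranges."""
    nets = [ipaddress.ip_network(c.strip(), strict=True) for c in cidrs if c.strip()]
    return list(ipaddress.collapse_addresses(nets))

def decide(src_ip, dst_port, networks):
    """Verdict for one inbound connection under the allowlist policy."""
    if dst_port not in PROXIED_PORTS:
        return "not-covered"  # the allowlist says nothing about other ports
    addr = ipaddress.ip_address(src_ip)
    return "pass" if any(addr in net for net in networks) else "block"

def pf_rules(networks, iface="$wan_if"):
    """Render pf.conf-style rules: block the proxied ports by default, then pass
    the allowlisted sources (pf applies the last matching rule).
    Assumes a wan_if macro is defined elsewhere in the ruleset."""
    table = ", ".join(str(n) for n in networks)
    ports = ", ".join(str(p) for p in PROXIED_PORTS)
    return [
        f"table <proxy_edges> const {{ {table} }}",
        f"block in on {iface} proto tcp from any to any port {{ {ports} }}",
        f"pass in on {iface} proto tcp from <proxy_edges> to any port {{ {ports} }}",
    ]

# Constructed sample connections: (source IP, destination port).
SAMPLE = [
    ("198.51.100.200", 443),  # arrives through a proxy edge address
    ("192.0.2.77", 443),      # reaches the origin IP directly, skipping the proxy
    ("192.0.2.77", 22),       # a port the proxy does not front
]

def audit(connections, networks):
    """Apply the policy to each connection and return (ip, port, verdict) rows."""
    return [(ip, port, decide(ip, port, networks)) for ip, port in connections]

if __name__ == "__main__":
    nets = load_networks(EDGE_RANGES)
    print("\n".join(pf_rules(nets)))
    for row in audit(SAMPLE, nets):
        print(*row)
```

The `not-covered` verdict is the gap both sides of the argument point at: any port the proxy does not front still needs its own firewall rule.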