neilv 3 days ago

At home, I built an OPNsense box to evaluate (using Sophos XG135 Rev 3 hardware, along with a nice OpenWrt Netgear WiFi AP on PoE), but then went back to a plastic OpenWrt all-in-one box.

OPNsense (and pfSense) are neat, but I personally don't need an IDS/IPS right now, and I like to be able to run the router fanless.

One thing that OpenWrt could use immediately, for basic home WiFi router functionality, is easier ways to add guest-like VLANs from the LuCI Web-based admin UI. (I currently have a guest VLAN config that I partly cargo-culted with numerous steps in LuCI years ago, largely based on a blog post, and that would be a pain to reconstruct on a new install.)

For techies whose households include non-techies, a little IDS/IPS could help keep some nasty traffic off your home Internet pipe, and I suppose that could now run alongside OpenWrt on some of the more powerful plastic boxes, or on a PC with the right WiFi devices/APs. (In addition to use of VLANs and routing to minimize damage from all the malware-infested devices, and also thinking "zero trust" for the techie stuff you run.)

tw04 3 days ago

>I like to be able to run the router fanless.

You don't need a fan for OPNsense or pfSense? Plenty of folks running Protectli boxes without a fan, they're one of the most popular platforms for both OSes.

gonzopancho 3 days ago

the entire desktop line from Netgate is fanless.

brirec 3 days ago

Netgate are _terrible_ at open source, though — they’re shit at accepting contributions, they’re shit at providing attribution, and they’re shit at providing any support whatsoever to anyone who prefers other hardware (even with their paid software).

So I really can’t say I recommend their hardware…

gonzopancho 3 days ago

I ask that you provide evidence of your assertions:

- they’re shit at accepting contributions

- they’re shit at providing attribution

- they’re shit at providing any support whatsoever to anyone who prefers other hardware (even with their paid software).

In addition to pfSense (which is what I think you're criticizing) and all of its open source, we're upstreaming things to FreeBSD and fd.io VPP

Try this on a fresh copy of FreeBSD 'src':

% git log --first-parent --since="1 year" | sed -E 's/\^.*Sponsored.[Bb]y:[[:space:]]*//p' | grep -i Sponsored | sed -E 's/.*[Ss]ponsored\ [Bb]y://' | awk '{$1=$1};1' | sort | uniq -c | sort -rn | head

or for VPP, look here:

https://www.stackalytics.io/unaffiliated?module=github.com/f...

CursedSilicon 3 days ago

Well there was that time you guys paid that absolute nutjob to write a 60,000 line of code disaster WireGuard client. Which you then shipped to customers and tried to force-commit to the FreeBSD project because you wanted a marketing advantage

https://arstechnica.com/gadgets/2021/03/buffer-overruns-lice...

gonzopancho 3 days ago

[flagged]

justinrubek 2 days ago

Your behavior in this thread and this comment especially reflect poorly on you and your company. You've come swinging with something irrelevant to the conversation at hand. I'd never heard of this company, but I'll keep this in mind for the future, and I will perform similar espionage to what you've done.

CursedSilicon 3 days ago

Weird flex of a comment after y'all got dragged (deservedly) for hiring Matthew Macy. But I guess we'll just have to agree to disagree

gonzopancho 3 days ago

yes, I contracted with Matt Macy, and I'd do it again, but he's well-employed now.

Funny how you didn't complain about his current employment at AWS, or his previous work at iXsystems (TrueNAS, primarily responsible for the port of ZFS on Linux to FreeBSD) or the fact that the whole epoch-based reclamation in the FreeBSD kernel is based on his work.

CursedSilicon 3 days ago

I'm sure the LKML will enjoy his commits just as much as FreeBSD did

gonzopancho 3 days ago

yes, I'm sure that FreeBSD actually does enjoy all of his work on OpenZFS and epoch-based reclamation.

CursedSilicon 3 days ago

No wonder y'all are pivoting to Linux I suppose :)

Also you should stop editing your comments after they're replied to. It makes it awfully confusing

gonzopancho 3 days ago

We already have a Linux-based product (TNSR).

Bringing that tech stack to a firewall is a logical move.

akaitea 3 days ago

> a little IDS/IPS could help keep some nasty traffic off your home Internet pipe

the adblock package does a great job of blocking ads and other nasty stuff, it doesn't have fancy statistics or an interface like Pi-hole but it does its job without complaining