You need to learn about firewalls! Home Network Router Safety PfSense Explained: DNS Blocklists Explained: Why you need to care about privacy: How to encrypt your DNS NBTV: Naomi Brockwell Channel: https://www.youtube.com/@NaomiBrockwellTV/videos
I have a brand new Protectli FW4C 4-port/2.5GbE with OPNsense preinstalled on it. It has a 2.4Gb wifi AP as well. I only use 2.4 wifi at my house, and the Protectli (along with an 8-port 2.5GbE unmanaged switch) is going to replace 2 Asus routers running Asus-Merlin. Haven't hooked it up yet, as I have to disable the entire network in order to do so and my roommate is always using it. Soon though.
I keep my wifi separate and tie it in through a switch, with the modem hooked into the Netgate 1100 with pfSense. It's cool being able to fully control everything. I have my DNS server set to Quad9 to prevent my ISP from snooping too.
My first step is always replacing the factory router firmware. Getting off cable internet for a fiber connection helps base-level security and reliability: no reboots in months. These are good, there are others: Welcome to the OpenWrt Project; (new) DD-WRT; Tomato Firmware | Polarcloud.com
It doesn't matter what you have behind the firewall; if you control the ports, you control all access. The range of control you have with a pfSense firewall is incredible.
Stupid question... I have Starlink, hard wired, no wifi, running Linux Mint. Still use this, or only the routers listed?
The pfSense (Netgate) is a firewall; it's a mini-PC which connects directly through your modem or Starlink, and your router would be connected to the firewall through a switch. Any connection at all is strengthened with a firewall.
Visibility is key. You need something to actually see the traffic through the system and where it is going. Anything headed overseas needs the port it is using shut down yesterday. I'm reminded of the hospital that was hacked through a wireless thermometer in a fish tank. I have found that almost every IP camera (even the ones in laptops) calls home to China. With security cameras they send small bursts of 100-500 kilobytes, so I'm guessing thumbnails. And they use obscure ports to do it, which further makes me think they have nefarious intentions. I use a MikroTik router behind my ISP's router and create my own VLANs in the network. I have 5 security cameras on a VLAN with no internet access, Blue Iris runs on a server with the heaviest firewall (needs internet to remotely view cameras), and everything else on the third VLAN. I masquerade my internal IPs. With all of that work, I was able to hack into my smart TV using Kali Linux in 20 minutes from my neighbor's access point. The lesson is, turn down those ports that have outgoing traffic.
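An added example, not part of the thread or of any firewall's own tooling: a small audit of outbound flows that flags anything leaving a camera VLAN that is supposed to have no internet access, plus traffic from other hosts to ports outside an expected set. The flow record layout (`src,dst,dst_port,bytes`), the subnet, the port list and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed layout (hypothetical): cameras sit on their own VLAN subnet.
CAMERA_VLAN = ipaddress.ip_network("192.168.20.0/24")
# RFC 1918 ranges count as internal; everything else is treated as egress.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ports this example treats as expected outbound traffic (assumption; tune per network).
EXPECTED_PORTS = {53, 80, 123, 443, 853}

# Constructed sample flow records: "src,dst,dst_port,bytes"
SAMPLE_FLOWS = """\
192.168.20.11,203.0.113.45,34567,204800
192.168.20.11,203.0.113.45,34567,153600
192.168.20.12,192.168.30.5,554,9000000
192.168.10.50,198.51.100.7,443,52000
192.168.10.60,198.51.100.99,8000,480000
192.168.10.50,9.9.9.9,853,1200
"""

def summarize_outbound(text):
    """Total bytes and flow count per (src, dst, port) for flows leaving the LAN."""
    totals = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, port, nbytes = line.strip().split(",")
        if any(ipaddress.ip_address(dst) in net for net in INTERNAL):
            continue  # internal traffic, e.g. camera to recorder
        entry = totals[(src, dst, int(port))]
        entry[0] += int(nbytes)
        entry[1] += 1
    return totals

def findings(text):
    """Return sorted (reason, src, dst, port, bytes, flows) tuples worth reviewing."""
    out = []
    for (src, dst, port), (nbytes, flows) in summarize_outbound(text).items():
        if ipaddress.ip_address(src) in CAMERA_VLAN:
            reason = "camera-vlan-egress"  # this VLAN should never reach the internet
        elif port not in EXPECTED_PORTS:
            reason = "unexpected-port"
        else:
            continue
        out.append((reason, src, dst, port, nbytes, flows))
    return sorted(out)

if __name__ == "__main__":
    for finding in findings(SAMPLE_FLOWS):
        print(finding)
```

Any `camera-vlan-egress` finding means the isolation rule on that VLAN is not doing what it was meant to, so the firewall rule set is the first thing to check.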