18 Months Running OPNsense on Bare Metal: A Homelab Perimeter Retrospective
A homelab operator replaced a default ISP router with a dedicated OPNsense firewall after setting up an Akash decentralized infrastructure provider, which required a more deliberate security perimeter. The ISP router previously provided only passive, default-level protection with no explicit logging, outbound restrictions, or per-service rules. Once the Akash provider went live and began accepting publicly discoverable inbound tenant deployments, relying solely on the ISP router became indefensible. OPNsense was installed on dedicated bare-metal hardware — kept separate from the Proxmox hypervisor to avoid shared failure risk — with all internal VLANs trunked through a single LAN interface. After 18 months of operation, the author reflects on both what the setup achieved and what security measures remain unimplemented.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in