SShortSingh.
Back to feed

18 Months Running OPNsense on Bare Metal: A Homelab Perimeter Retrospective

0
·3 views

A homelab operator replaced a default ISP router with a dedicated OPNsense firewall after setting up an Akash decentralized infrastructure provider, which required a more deliberate security perimeter. The ISP router previously provided only passive, default-level protection with no explicit logging, outbound restrictions, or per-service rules. Once the Akash provider went live and began accepting publicly discoverable inbound tenant deployments, relying solely on the ISP router became indefensible. OPNsense was installed on dedicated bare-metal hardware — kept separate from the Proxmox hypervisor to avoid shared failure risk — with all internal VLANs trunked through a single LAN interface. After 18 months of operation, the author reflects on both what the setup achieved and what security measures remain unimplemented.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Developer builds open-source tool to generate pixel-perfect App Store screenshots after AI rejections

A developer repeatedly faced App Store Connect rejections when using AI image models to generate iOS app screenshots, due to incorrect canvas sizes, warped text, and inaccurate device frames. Recognizing that precise geometry requires arithmetic rather than statistical approximation, the developer separated the rendering and generative tasks into distinct workflows. The result, called HyperShots, is an open-source skill for Claude Code and Codex that uses HTML/CSS rendered via headless Chrome to produce screenshots at exact store-required dimensions. A built-in validator checks for every spec Apple enforces, including file size, color profiles, and alpha channels, while an optional AI layer handles stylistic elements without touching typography or layout. The tool also supports localization and integrates with Fastlane for direct submission to App Store Connect.

0
ProgrammingHacker News ·

Developer Creates Data Portrait Visualizations for FIFA World Cup 2026

A developer has built an interactive data visualization project called 'FIFA World Cup 2026 Data Portraits,' accessible via a dedicated website. The project appears to present player or team statistics from the upcoming 2026 FIFA World Cup in a visual portrait format. It was shared on Hacker News, where it received modest early engagement with 4 points and 1 comment. The 2026 FIFA World Cup is set to be hosted across the United States, Canada, and Mexico. The project reflects a growing trend of creative data storytelling around major sporting events.

0
ProgrammingDEV Community ·

BackFlow Aims to Be a Visual API Design Tool Combining Figma and Postman

A developer is building BackFlow, a visual platform designed for API-first development and API design workflows. The tool allows designers, developers, and product teams to map out API flows visually before writing any code. Users can drag and drop components such as web browsers, APIs, Redis, and workers onto a canvas, then configure requests and responses to simulate full API flows. The project is currently seeking feedback from industry professionals on its concept, usability, and frontend design.

0
ProgrammingDEV Community ·

How to Export Telegram Group Members and Media: A Practical Guide

Exporting targeted data from Telegram — such as member lists or bulk media — is possible but not straightforward using the platform's built-in tools, which are designed for full account backups rather than selective exports. Users can access participant data, including usernames and IDs, through Telegram's client API using tools like GramJS or Telethon, or via browser extensions that connect with personal API credentials. For media exports, preserving message context such as sender and timestamp alongside each file is recommended, and any downloader must handle Telegram's rate limits to avoid FLOOD_WAIT errors. Two main modes exist for browser-based tools: web mode, which reads already-rendered page content, and API mode, which uses personal credentials from my.telegram.org for deeper access. A key rule applies throughout: users can only export data their own account can already access, and any tool claiming otherwise poses a risk of account bans.