EdgeRouter

EdgeRouter: IPsec tunnel to FRITZ!Box 7390


Why an IPsec tunnel?

Previously I used a tinc tunnel between me and my parents’ server. This situation was not ideal because my parents’ server had to be the gateway for some things to be able to use them via the tunnel, while the FRITZ!Box was the real gateway. Since I wanted to replace my gateway with an EdgeRouter Lite, I used this to set up an IPsec tunnel with the FRITZ!Box.

EdgeRouter: merge error: SSL peer certificate or SSH remote key was not OK


merge does not work via scp

When I was testing something with my EdgeRouter Lite, I saw some commands that might help me create a config outside the router itself and then load it. One of them was the merge command, so I tried to use it. The help information on the CLI was the following:

# merg<tab><tab>
Possible completions:
  merge         Load configuration from a file and merge running configuration

[edit]
# merge <tab>
Possible completions:
  <Enter>                               Merge from system config file
  <file>                                Merge from file on local machine
  scp://<user>:<passwd>@<host>/<file>   Merge from file on remote machine
  ftp://<user>:<passwd>@<host>/<file>   Merge from file on remote machine
  http://<host>/<file>                  Merge from file on remote machine
  tftp://<host>/<file>                  Merge from file on remote machine

[edit]
#

Per Interface vs. Zone Based Firewall (backup)


Why this item

When I was searching for how to set up my new EdgeRouter Lite, I came across a link that would explain why using a zone based firewall is better than a per-interface firewall. Unfortunately the webpage was no longer reachable, but at least the Google cache still had the text available. Because it is a good article, I put the text here as a backup. The original also has some pictures, as can be seen on the archived page.

Per Interface vs. Zone Based Firewall

Every so often, I get asked the question of why I feel a Zone based firewall is better than a per-interface firewall. It can be a complicated question to answer depending on the asker’s level of understanding. So my goal here is to provide a simple and clear description of why a zone based firewall is the more secure solution.

In all firewall variants, we do matching against multiple attributes of a packet: source IP, source port, destination IP, destination port, session state, protocol and various other logical values depending on the implementation. The primary difference between ACLs and Zones is how they apply to the physical or layer 2 characteristics.
