Messages

1

General Discussion / Re: MAC limiting

« on: December 20, 2023, 02:42:36 pm »

Thanks for your comments. 

I am not using Opnsense yet.  I am just trying to figure out which features would be best for my network use, and see if they can be done with Opnsense.  I'd like to have some vlans, some firewall rules, and whatever provides similar features as PFsense's PFBlocker, which I believe is Zenarmor (please correct me if I'm wrong). I'm also potentially interested in using a VPN if it won't slow everything too much. It was suggested to me that if I add vlans with a switch, I should also look into adding Mac Limiting, which seems to limit the number of address that can connect to a switch port. I am wondering if vlans can be set up like this in Opnsense.

Please let me know if there are other features you'd recommend for a home set up. Is Suricata recommended for a home setup, or will it be too advanced to monitor, and understand, for the average home Joe with only a very basic understanding of home networks?

2

General Discussion / MAC limiting

« on: December 19, 2023, 05:43:53 pm »

Can MAC limiting be accomplished with OPNsense? (It's my understanding MAC limiting is different than MAC filtering).

3

Virtual private networks / vlan hopping

« on: December 19, 2023, 05:23:12 pm »

A friend was telling me vLAN hopping makes vLAN generally ineffective. However, I was reading a little about vLAN hopping the other day and it seems this can be mitigated if vlans are configured in a particular manner.  Essentially, it said: "Mitigating a VLAN attack can be done by disabling Dynamic Trunking Protocol (DTP), manually setting ports to trunking mode, and by setting the native VLAN of trunk links to VLANs not in use".

Are standard vlans, created in OPNsense, vulnerable to vlan hopping? If so, is there a way to set up Opnsense vlans as described above?