OPNsense

28
Apr
Digital rendering of my 10+ yr old hand me down Alienware X51 R3 PC running OPNsense, 'ghosting' my WAN IP to the scanners.

Beyond Default Deny: Reducing Attack Surface & Exposure in 2026

Stop Shodan and Censys from mapping your network. Learn how to use OPNsense 26.1, CrowdSec, and Divert Mode to achieve true Security through Obscurity in 2026.
11 min read
24
Mar
Cyberpunk illustration of OPNsense with Suricata, featuring a vigilant meerkat guarding glowing data streams and detecting threats in real time.

OPNsense IDS/IPS in 26.4+: Suricata, Inline vs Divert Mode

Learn how to configure Suricata IDS/IPS in OPNsense 26.4+. Compare Inline vs Divert mode, optimize performance, and secure your self-hosted services.
6 min read
24
Mar
A macro shot in a dark server room shows an Ethernet cable plugged into a NIC, featuring a "Digital Fortress" maintenance log overlay with an OPNsense upgrade progress bar at 88% complete.

Upgrading to OPNsense 26.1

The jump to OPNsense 26.1 changes how DHCP and DNS interact. Learn how to navigate Kea migration, fix subnet mask mismatches, and resolve Android Wi-Fi errors.
6 min read
17
Mar
Conceptual network command center. Left display: OPNsense 1.5Gbps throughput and low latency. Right display: AdGuard Home stats and active IDS/IPS shield for threat detection.

Advanced OPNsense Networking: Cloudflare Bypass, DNS/NTP Hijacking & SQM

Learn advanced OPNsense routing techniques including Cloudflare proxy bypass, DNS/NTP interception, and SQM bufferbloat fixes for high-performance homelab networks.
13 min read
03
Mar
Grafana dashboard showing a global threat map of cyberattacks and a top 5 attackers bar gauge parsed from OPNsense firewall and NGINX Docker logs.

Building a Homelab Mini-SIEM with Grafana, Loki, and Promtail

Stop guessing and start visualizing. Turn siloed OPNsense and NGINX logs into a real-time threat map with the lightweight GLP stack. Includes GeoIP and Discord alerts.
13 min read
20
Jan
Gloved hands hold a transparent tablet displaying a holographic network diagram where a secure WireGuard tunnel bypasses a red firewall shield in a server room.

Mastering WireGuard: Site-to-Site & Road Warrior Setups Behind OPNsense NAT

Stop running WireGuard on your firewall. Learn how to decouple your VPN using Docker or Linux VMs behind OPNsense for better performance, portability, and Site-to-Site routing.
8 min read
14
Jan
Digital illustration of a server room. Glowing blue network paths converge on an isolated, glowing red cube. A text overlay reads "TRAP SPRUNG: PID ISOLATED," symbolizing threat containment.

Threat Hunting in the Homelab

When Zenarmor flagged a high-severity beacon, I feared my NAS was infected. It wasn't. Here is the step-by-step threat hunt of how I tracked down a malware implant inside a compromised Docker container using tcpdump—and the supply chain mistake that let it in.
6 min read
13
Jan
Core Lab mascot next to a glowing Cloudflare Tunnel portal. Text: Is Cloudflare Tunnel Safe for Plex/Jellyfin? A Cybersecurity Vet's Analysis.

Are Cloudflare Tunnels Safe for Media Servers? A Cybersecurity Vet's Analysis

"No Open Ports." In the self-hosting world, this phrase is the ultimate aphrodisiac. We are taught from
9 min read
25
Dec
Wireguard icon, resting on the ground below a lightening bolt with the caption of "Wireguard: Speed of Light".

The Speed of Light: OPNsense WireGuard Setup Guide

Merry Christmas everyone! A little Christmas "treat" for all... You’ve built the fortress (OPNsense). Now you need
10 min read
19
Nov
Screenshot of the Zenarmor threat dashboard, showing Top Detected, Allowed, Blocked and Destinations.

OPNsense Layer-7 Control: A Deep Dive into Zenarmor (Part 3)

In Part 1, we built the firewall (Layer 3/4). In Part 2, we hardened it with user accounts, 2FA,
10 min read