Beyond Default Deny: Reducing Attack Surface & Exposure in 2026
Stop Shodan and Censys from mapping your network. Learn how to use OPNsense 26.1, CrowdSec, and Divert Mode to achieve true Security through Obscurity in 2026.
OPNsense IDS/IPS in 26.4+: Suricata, Inline vs Divert Mode
Learn how to configure Suricata IDS/IPS in OPNsense 26.4+. Compare Inline vs Divert mode, optimize performance, and secure your self-hosted services.
Upgrading to OPNsense 26.1
The jump to OPNsense 26.1 changes how DHCP and DNS interact. Learn how to navigate Kea migration, fix subnet mask mismatches, and resolve Android Wi-Fi errors.
Advanced OPNsense Networking: Cloudflare Bypass, DNS/NTP Hijacking & SQM
Learn advanced OPNsense routing techniques including Cloudflare proxy bypass, DNS/NTP interception, and SQM bufferbloat fixes for high-performance homelab networks.
Building a Homelab Mini-SIEM with Grafana, Loki, and Promtail
Stop guessing and start visualizing. Turn siloed OPNsense and NGINX logs into a real-time threat map with the lightweight GLP stack. Includes GeoIP and Discord alerts.
Mastering WireGuard: Site-to-Site & Road Warrior Setups Behind OPNsense NAT
Stop running WireGuard on your firewall. Learn how to decouple your VPN using Docker or Linux VMs behind OPNsense for better performance, portability, and Site-to-Site routing.
Threat Hunting in the Homelab
When Zenarmor flagged a high-severity beacon, I feared my NAS was infected. It wasn't. Here is the step-by-step threat hunt of how I tracked down a malware implant inside a compromised Docker container using tcpdump—and the supply chain mistake that let it in.
Are Cloudflare Tunnels Safe for Media Servers? A Cybersecurity Vet's Analysis
"No Open Ports."
In the self-hosting world, this phrase is the ultimate aphrodisiac. We are taught from
The Speed of Light: OPNsense WireGuard Setup Guide
Merry Christmas everyone! A little Christmas "treat" for all...
You’ve built the fortress (OPNsense). Now you need
OPNsense Layer-7 Control: A Deep Dive into Zenarmor (Part 3)
In Part 1, we built the firewall (Layer 3/4). In Part 2, we hardened it with user accounts, 2FA,