this post was submitted on 10 Apr 2026
55 points (98.2% liked)
Selfhosted
The argument was that the VLANs force a device through the firewall so that the firewall can protect it. But for that to happen, like you said, the firewall wasn't strict enough or didn't have a defense against a 0-day.
So the VLAN doesn't do anything either way. Either the firewall works, in which case you don't need VLANs to force local traffic through it a second time, or it doesn't work, in which case again the VLAN did nothing.
Firewalls are not for defending against 0-days. It is about access control, and reducing, sometimes even minimizing, access to potentially vulnerable services. Firewalls are not an infallible security tool, but there is no such thing either. The reason to use one is to restrict access such that fewer attackers can take advantage of a potential vulnerability.
There are intrusion detection/prevention systems that could do more, but it's unlikely they will protect against 0-days, because 0-days are undiscovered and unknown issues.
It does. It's useful to force traffic through a firewall. It's for limiting what has access to what. If you didn't use VLANs, hosts on the network would not care about your firewall because they can just go straight to the destination.
I'm not sure I understand your argument, but I think what you're saying is: firewalls are not infallible, so they are useless.
I'll try an analogy to explain better. The firewall is a lock on the door to your house. VLANs are a rule that to go from one room to another, you must go back out the locked door and back in.
So an attacker tries to come in and can't pick the lock. You are safe.
Another attacker can pick the lock and get into a room. But if they can pick the lock for one room, they can pick the same lock again and get into any other rooms because it's the same lock protecting every room in the house.