Home Networking

198 readers

1 users here now

A community to help people learn, install, set up or troubleshoot their home network equipment and solutions.

Rules

Please stay on topic.
Please use the search function to look for keywords related to what you want to ask before posting since most common issues have been answered.
No Ads. This community is for support and discussion. Ads and self promotion are not welcome here.
No product reviews or announcements. If you have a question about a product, be specific about what you want to know.
Be civil. Don't be a jerk. Not being a jerk is surprisingly easy.
No URL shorteners. URL shorteners tend to hide the real use of a link. For this reason, please use normal links, even if they're long.
No affiliate links.
No gatekeeping. With profession shall come professionalism. Extend help without judging others for their ignorance. The same goes for downvoting of comments or posts for "stupid questions" or not being as knowledgeable as others.

founded 1 year ago

MODERATORS

communick@selfhosted.forum

rglullis

Secure Cloudflare Tunnels with vLANs and an Internal Firewall Before It's Too Late! - YouTube (youtu.be)

submitted 5 months ago by sabreW4K3@lazysoci.al to c/homenetworking@selfhosted.forum

1 comments fedilink hide all child comments

Was looking into this today and this video came up, so thought I'd share

Summary:

This video is about securing Cloudflare tunnels with VLANs and an internal firewall.

The speaker, Jim, argues that while Cloudflare tunnels are a great technology, they can introduce security risks because all the traffic that comes into your network is visible to Cloudflare. To mitigate these risks, Jim suggests segmenting your internal network and adding extra layers of security.

Here are the key steps to secure Cloudflare tunnels with VLANs and an internal firewall according to Jim:

Create a Mac VLAN for the Cloudflare tunnel. This will isolate the traffic coming from the tunnel from the rest of your network.

Add an internal firewall rule to allow traffic only from the Mac VLAN to the specific port where your service is running. This will restrict the Cloudflare tunnel's access to only the resources it needs.

Configure your firewall to perform IDS/IPS on the traffic coming from the Cloudflare tunnel. This will help to identify and block malicious traffic.

By following these steps, you can add extra layers of security to your network and reduce the risk of a breach even if your Cloudflare tunnel is compromised.

Jim also mentions that a next-generation firewall can be used for additional security benefits. This type of firewall can perform deeper inspections of traffic and provide better protection against sophisticated attacks.

Overall, the video provides a good overview of the security risks associated with Cloudflare tunnels and how to mitigate those risks using VLANs and an internal firewall.

top 1 comments

sorted by: hot top controversial new old

[–] chiisana@lemmy.chiisana.net 4 points 5 months ago

This is really just best practice for any arbitrary sort of external access; even if you’re using some sort of VPN (wireguard, tailscale doesn’t matter) to get back into your network, as long as there’s an external way into your network, you want to drop that into its own isolated area so in the event a malicious attacker gets through, they’re sandboxed to the area you allow them to.