while(true){💩};

  • 0 Posts
  • 124 Comments
Joined 2 years ago
cake
Cake day: June 11th, 2023

help-circle






  • Bluesky follows a model they’re more familiar and therefore more comfortable with, even if its the same model that got them where they are in the first place. Bluesky’s federation protocol doesnt matter so much as the fact that Bluesky is a singular silo that all Bluesky users can see all content and other users in does. Bluesky self-hosted sites will be a ‘nice addition’ that most users won’t have to care or think about.

    I love lemmy and fediverse stuff, but even I am stressed out at the idea of having to make sure I have some kind of replication across different instances, having to keep track of who federates (or doesn’t) with who, and always wondering if my home instance is “the right one.”












  • Semperverus@lemmy.worldtoTechnology@lemmy.worldFireWall as a Service?
    link
    fedilink
    English
    arrow-up
    12
    ·
    edit-2
    1 month ago

    We use one of these at work! There are a couple of companies offering these solutions such as PaloAlto, Zscaler, etc. and they are typically of the “Next-Gen Firewall” variety (I.e. they scan the content of the packets rather than just routes and ports and such).

    The way they work is basically that you establish VPN connections to their endpoints, and they scan the traffic as it passes through. Like a VPN, you get a new IP address that is shared with other customers, but there is a way to pin your original IP in the packet headers if you need.

    These connections can be handled via one of a few ways:

    1. Software on the workstation (best option as it allows deeper traffic routing and control, as long as your workstations are locked down)

    2. IPSec tunnels configured on the building’s router service’s endpoints/datacenters

    3. GRE tunnels configured on the building’s router to the service’s endpoints/datacenters

    4. A physical firewall box that sits in front of your other hardware that does any of the above OR something bespoke

    Note that unless you have option 4, none of these replace traditional “dumb” firewalls. If you’re still using IPv4, you still need a NAT firewall.