this post was submitted on 17 Nov 2023
Home Networking
Check out pfSense and pfBlockerNG. It's a geofence blocker to DENY all incoming requests from various IP subnets that you select on the public side. If you have any open ports (say for games or otherwise on your home network), this will really cut back on system load/login attempts. It can just drop the packets entirely, not even entertaining them.
You'd ideally want to use a VPN and not expose any other ports on the firewall. For example, never open an SSH port. If you do, use a keypair and make it a non-standard port. But having a VPN would prevent you from even needing to open SSH ports, as the VPN would essentially put you on the LAN. Most consumer routers will let you set up a VPN server for your LAN now.
But with something like hosting a webserver at home, this (geoblocking) can really help, in addition to using Cloudflare as your domain registrar for DDoS protection.
Here's a video on it:
https://www.youtube.com/watch?v=oNo77CMoxUM
If you have a consumer firewall, you may or may not have access to doing this (geoblocking).
With Pi-hole you could create lists of domains (say from certain countries) that you do not want to resolve. But it would not stop those countries from attempting to access open ports on your network, i.e. ingress vs. egress.
By default your home firewall/router, if it is a consumer model, should not have any ports open.
Hope this helps!
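
The ingress-versus-egress distinction from the comment above, as an added example that is not part of the original comment: a small model that replays constructed traffic through a WAN-side subnet geofence and a LAN-side DNS blocklist, with and without the geofence. The subnets, domain, forwarded port and function names are assumptions made for illustration, and the DNS match is a simplified exact-name lookup.

```python
import ipaddress

# Constructed data: RFC 5737/3849 documentation ranges stand in for the
# country subnets a geofence list would contain.
DENY_SUBNETS = [ipaddress.ip_network(n) for n in
                ("198.51.100.0/24", "203.0.113.0/24", "2001:db8:bad::/48")]
DNS_BLOCKLIST = {"ads.blocked.example"}   # constructed sinkhole list
FORWARDED_PORTS = {443}                   # assumed: one port opened for a web server


def ingress_verdict(src_ip, dst_port, geofence=True):
    """Decide what the WAN side does with an unsolicited inbound connection."""
    addr = ipaddress.ip_address(src_ip)
    if geofence and any(addr.version == net.version and addr in net
                        for net in DENY_SUBNETS):
        return "drop-geo"          # silently dropped before any service sees it
    if dst_port not in FORWARDED_PORTS:
        return "drop-default"      # nothing is forwarded, so nothing answers
    return "pass"                  # reaches the exposed service


def dns_verdict(qname):
    """Decide what a DNS sinkhole does with a LAN client's outbound lookup."""
    name = qname.rstrip(".").lower()
    return "sinkhole" if name in DNS_BLOCKLIST else "resolve"


def replay(events, geofence):
    """Run constructed events through both controls and collect the verdicts."""
    out = []
    for kind, *args in events:
        if kind == "in":
            out.append(ingress_verdict(*args, geofence=geofence))
        else:
            out.append(dns_verdict(*args))
    return out


EVENTS = [  # constructed sample traffic
    ("in", "203.0.113.7", 443),       # geofenced source hitting the web port
    ("in", "192.0.2.10", 443),        # allowed source hitting the web port
    ("in", "192.0.2.10", 22),         # allowed source, port not forwarded
    ("in", "2001:db8:bad::1", 443),   # geofenced IPv6 source
    ("dns", "Ads.Blocked.Example."),  # LAN client lookup
]

if __name__ == "__main__":
    print("geofence on  :", replay(EVENTS, geofence=True))
    print("DNS list only:", replay(EVENTS, geofence=False))
```

With the geofence off, the two sources in the denied subnets reach port 443 even though the DNS blocklist is still active, because the blocklist only acts on lookups made from inside the LAN.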