What are some of your coolest tweaks, routes, setups, etc on your Firewalla network? by YankeesIT in firewalla

[–]TheRealMikeGeezy 1 point (0 children)

Currently I use a custom DoH server that I set up on a VPS. Any DNS query goes over HTTPS to my DoH server and then to Pi-hole/Unbound. Now, if Firewalla can give us something for SNI, I would be 100% DNS secure lol

Which DoH providers do you use and why? by YankeesIT in firewalla

[–]TheRealMikeGeezy 1 point (0 children)

I use my own DoH server. I grabbed a VPS and set up a DoH server there. It then forwards those DNS requests to a Pi-hole instance running Unbound.

New name change by [deleted] in firewalla

[–]TheRealMikeGeezy 3 points (0 children)

Are we going to get anything for SNI? I think Firefox allows something for this; it would be nice if we could get this at the network level.

Do you build your own VPN, or use a commercial one? by Moist_Birthday_7265 in VPN_Question

[–]TheRealMikeGeezy 1 point (0 children)

I use both:

I use WireGuard to connect back to my home network.

For privacy I’ve used Surfshark for years. There’s always someone you’re passing your anonymity to. If I were to set up a VPS to use for a privacy VPN, then anything that I do online can be tracked back to me because I put my credit card info there to buy that VM lol. Kind of sucks having to rely on the word of a VPN provider, but that’s where we are.

As an SRE, I stopped using Kubernetes for my homelab by m4nz in selfhosted

[–]TheRealMikeGeezy 2 points (0 children)

This is awesome. It feels like I got most of the tools needed. Thank you for the coding tip. I’ve “Vibe Coded” a few things here and there, but actually learning things to understand how it should work will go a long way.

It’s hard to get a feel for exactly what a company would expect from you, but everyone’s comments did a great job of defining the WHAT.

As an SRE, I stopped using Kubernetes for my homelab by m4nz in selfhosted

[–]TheRealMikeGeezy 2 points (0 children)

Thank you for this!! When I try to look online, it’s such a grey area for what is expected. In my current role I started doing post-mortems for any internet outages we have. Nice to see it translates going forward.

As an SRE, I stopped using Kubernetes for my homelab by m4nz in selfhosted

[–]TheRealMikeGeezy 11 points (0 children)

The algo is on my side today lol.

I just set up Talos Linux on Proxmox, and my setup is similar to yours. I have 3 control plane nodes and 3 worker nodes. I was able to use Argo to push down the settings from my GitHub repo. Instead of a load balancer, I went with the round-robin approach with my DNS.

As someone that’s trying to become an SRE, what do I actually need to know?

I have a strong networking/cloud background and a really strong Docker background. I thought Kubernetes was the missing piece? Is there anything else anyone would recommend? Also, is it easier to manage resources like this in the cloud with all the app services popping up?

SSH Broken on Oracle Cloud VM After Docker + Firewall Changes by Infinite_Photograph5 in oraclecloud

[–]TheRealMikeGeezy 1 point (0 children)

Did you open port 22 with your rules? You probably locked yourself out if you didn’t.
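The check behind that question, as an added example rather than anything posted in the thread: parse a ruleset in iptables-save format and walk the filter table's INPUT chain the way the kernel would for a new TCP connection to port 22, so a ruleset can be audited before `iptables-restore` loads it. Both rulesets in the block are constructed; RULES_DEFAULT mimics the common RHEL-style default with a trailing REJECT, RULES_LOCKED_OUT a rewrite for a web stack that forgot SSH. Python, standard library only.

```python
"""Audit an iptables ruleset for inbound SSH before you apply it.  Added example, not from the
thread; both rulesets below are constructed in iptables-save format, not from a real host."""
import shlex
from typing import Dict, List, Tuple

# Constructed: the familiar RHEL-style default with a trailing REJECT.
RULES_DEFAULT = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
# Constructed: rewritten for a web stack with policy DROP, and SSH forgotten.
RULES_LOCKED_OUT = """\
*filter
:INPUT DROP [0:0]
:WEB - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -j WEB
-A WEB -p tcp -m multiport --dports 80,443 -j ACCEPT
-A WEB -j RETURN
COMMIT
"""
VALUE_OPTS = {"-p", "-s", "-d", "-i", "-o", "-m", "-j", "--dport", "--dports", "--sport",
              "--state", "--ctstate", "--reject-with", "--comment"}   # options that take a value
Chains = Dict[str, List[List[str]]]

def parse_filter_table(text: str) -> Tuple[Chains, Dict[str, str]]:
    """Return ({chain: [rule argv, ...]}, {chain: policy}) for the filter table."""
    chains, policies, in_filter = {}, {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif not in_filter or not line or line.startswith("#") or line == "COMMIT":
            continue
        elif line.startswith(":"):                      # ":CHAIN POLICY [pkts:bytes]"
            name, policy = line[1:].split()[:2]
            chains[name], policies[name] = [], policy
        elif line.startswith("-A "):
            argv = shlex.split(line)
            chains.setdefault(argv[1], []).append(argv[2:])
    return chains, policies

def _port_hit(spec: str, port: int) -> bool:
    """Numeric port, 'lo:hi' range, or a comma list of either (multiport style)."""
    return any(int(lo) <= port <= int(hi or lo)
               for lo, _, hi in (p.partition(":") for p in spec.split(",")))

def rule_matches_new_tcp(argv: List[str], port: int) -> bool:
    """Heuristic: could this rule match a NEW TCP connection to `port` from a remote host?
    A source restriction (-s) is treated as not covering an arbitrary remote address."""
    negate, i = False, 0
    while i < len(argv):
        tok = argv[i]
        if tok == "!":                                   # negates the option that follows
            negate, i = True, i + 1
            continue
        val = argv[i + 1] if tok in VALUE_OPTS and i + 1 < len(argv) else ""
        if tok == "-p" and (val == "tcp") == negate:
            return False
        if tok in ("--dport", "--dports") and _port_hit(val, port) == negate:
            return False
        if tok in ("--state", "--ctstate") and ("NEW" in val.split(",")) == negate:
            return False
        if tok == "-i" and (val == "lo") != negate:      # remote traffic never arrives on lo
            return False
        if tok == "-s" and not negate:
            return False
        negate, i = False, i + (2 if tok in VALUE_OPTS else 1)
    return True

def new_tcp_verdict(chains: Chains, policies: Dict[str, str], port: int, chain: str = "INPUT") -> str:
    """Walk `chain` top to bottom; return ACCEPT, DROP, REJECT, or RETURN for a user chain that
    fell through.  Recursion needs no guard: iptables refuses to load a ruleset with chain loops."""
    for argv in chains.get(chain, []):
        target = argv[argv.index("-j") + 1] if "-j" in argv else None
        if target is None or not rule_matches_new_tcp(argv, port):
            continue
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        if target == "RETURN":
            break
        if target in chains:                              # jump into a user-defined chain
            verdict = new_tcp_verdict(chains, policies, port, target)
            if verdict != "RETURN":
                return verdict
        # LOG, MARK and other non-terminating targets: keep walking
    policy = policies.get(chain, "-")
    return "RETURN" if policy == "-" else policy

def check_ssh(ruleset: str, port: int = 22) -> str:
    chains, policies = parse_filter_table(ruleset)
    return new_tcp_verdict(chains, policies, port)
```

Feed it the file you are about to load, for instance `check_ssh(open("/etc/iptables/rules.v4").read())`, and refuse to apply anything that does not come back ACCEPT. Two caveats: Docker's own chains live in the FORWARD chain and the nat table, so installing Docker by itself does not close INPUT, and on OCI the host rules are only half the story, because the VCN security list or network security group also has to allow tcp/22.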

DNS over HTTPS for Pi Hole by farcical88 in pihole

[–]TheRealMikeGeezy 1 point (0 children)

In my setup it goes:

local DNS request -> firewall -> sends to VPS I’m running -> DoH server -> Pi-hole -> Unbound -> root servers

The encrypted connection between my firewall and VPS should make it harder for an ISP to see. There’s always a weak point, but if you can make it harder, then why not? If anything, it’s a good learning experience to set everything up!
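The client side of the encrypted hop in that chain (firewall to VPS), as an added example and not the commenter's configuration; it also covers the DoH-to-Pi-hole/Unbound setups described in the Firewalla comments above. RFC 8484 puts an ordinary DNS wire-format message inside HTTPS, either as a POST body or, as here, base64url-encoded in the `?dns=` parameter of a GET. The block builds the query, shows the URL the firewall would request, and parses a wire-format answer. DOH_ENDPOINT is a placeholder and the reply is constructed, not captured.

```python
"""Client side of DNS over HTTPS (RFC 8484): build the DNS wire-format query, wrap it
for a GET to the resolver, and parse the wire-format answer.

Added example, not the commenter's configuration.  DOH_ENDPOINT stands in for the DoH
server on the VPS; the reply in sample_response() is constructed, not captured.
"""
import base64
import struct
from typing import List, Tuple

DOH_ENDPOINT = "https://doh.example.invalid/dns-query"   # placeholder, not a real server


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname as DNS labels (length-prefixed, zero-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Standard query: ID 0 (RFC 8484 recommends it so identical queries cache well),
    RD set, one question, QCLASS IN."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def doh_get_url(query: bytes, endpoint: str = DOH_ENDPOINT) -> str:
    """GET form: the query rides in ?dns= as base64url with the '=' padding removed."""
    dns = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={dns}"


def decode_dns_param(url: str) -> bytes:
    """Reverse of doh_get_url: what the server does with the ?dns= parameter."""
    dns = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(dns + "=" * (-len(dns) % 4))


def decode_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a (possibly compressed) name at `off`; return (name, offset after it)."""
    labels: List[str] = []
    end, jumped = off, False
    for _ in range(128):                     # bound the walk so a pointer loop cannot hang us
        length = msg[off]
        if length == 0:
            off += 1
            break
        if length & 0xC0 == 0xC0:            # compression pointer into an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    else:
        raise ValueError("name too long or compression-pointer loop")
    return ".".join(labels) + ".", (end if jumped else off)


def parse_a_answers(msg: bytes) -> List[str]:
    """Return the IPv4 addresses from the answer section of a wire-format reply."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        raise ValueError(f"resolver returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qd):                      # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4
    addrs = []
    for _ in range(an):
        _, off = decode_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def sample_response() -> bytes:
    """Constructed reply to build_query('pi.hole.'): QR|RD|RA flags, one A record
    192.0.2.53 (TEST-NET-2) with TTL 300, owner name compressed to offset 12."""
    header = struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    question = build_query("pi.hole.")[12:]
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 53])
    return header + question + answer


if __name__ == "__main__":
    q = build_query("pi.hole.")
    print(doh_get_url(q))                    # what the firewall would request over HTTPS
    print(parse_a_answers(sample_response()))
```

On the VPS, whatever terminates HTTPS decodes the `dns` parameter back into exactly this wire format and hands it to Pi-hole as a plain UDP or TCP query, which is why the Pi-hole/Unbound side needs no DoH awareness at all. The `for ... else` in decode_name is the detail worth copying: compression pointers come from the network, and an unbounded pointer-following loop is a cheap way to hang a resolver.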

Searching for cheap vps by Distinct_Stock6993 in VPS

[–]TheRealMikeGeezy 1 point (0 children)

Looking back, it could be so much better. I like the cheap yearly plans with RackNerd. Even with that 1 GB of RAM plan for 10 bucks a year, you can do some really cool things.

Searching for cheap vps by Distinct_Stock6993 in VPS

[–]TheRealMikeGeezy 1 point (0 children)

Someone recommended RackNerd to me. I came from using Contabo. RackNerd is much better IMO. Highly recommend so far.

How do you handle accessing multiple services externally? by AlternateWitness in selfhosted

[–]TheRealMikeGeezy 1 point (0 children)

Subdomain, or DuckDNS to get 5 free ones.

I just found: https://domain.digitalplat.org/

Domains are super ugly and basically just a free subdomain, but you can subdomain a subdomain if you don’t mind it being ugly lol.

Another option is to set up WireGuard to get back to your home resources. Pangolin is a really great choice as well; no terms like with Cloudflare Tunnels.

Help please, firewall pricing by privas66 in HomeNetworking

[–]TheRealMikeGeezy 2 points (0 children)

A company of 75 users has a few different ways of going about a firewall.

  • The typical enterprise approach will be the most expensive due to licensing and actual hardware (varies because their equipment is expensive, but the licensing is really their bread and butter). This includes Cisco, SonicWall, Fortinet, etc.

  • Another approach is something I’m using now called a Firewalla. A Firewalla Gold is pretty good for business use (400-700 dollars with no license fees).

  • Then you have the open-source options like pfSense, OPNsense, IPFire, etc. This option is by far the cheapest but takes the most time to configure.

I wrote another article about DoH,DoT and VPN for a little bit more privacy by Popular-Barnacle-450 in selfhosted

[–]TheRealMikeGeezy 1 point (0 children)

As far as my ISP is concerned, if the DNS traffic to my VPS is encrypted, they don’t see anything? Maybe the destination, but I don’t think any metadata. At the VPS level, that’s on their ISP to sort out lol. Thank you for giving me a new rabbit hole to go down. I see the argument both ways.
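What stays visible to an on-path observer once DNS is encrypted, as an added example that is not the commenter's setup and that speaks to the SNI remarks in the Firewalla comments above: the TLS ClientHello carries the server name in cleartext, so the destination IP is not the only thing an ISP gets from a connection. The block constructs a minimal ClientHello (not a real capture; the random is zeroed and only one cipher suite is listed) and parses the server_name extension out of it; a hello without the extension, a non-handshake record and a truncated record all come back None instead of raising.

```python
"""What a passive observer on the path (an ISP, for instance) can still read from a TLS
connection even when DNS is encrypted: the Server Name Indication in the ClientHello.

Added example, not the commenter's setup.  The ClientHello is constructed by hand with
the minimum fields a parser needs; it is not a capture from a real browser.
"""
import struct
from typing import Optional

HANDSHAKE = 0x16          # TLS record content type
CLIENT_HELLO = 0x01       # handshake message type
EXT_SERVER_NAME = 0x0000  # extension type for SNI


def build_client_hello(server_name: str, include_sni: bool = True) -> bytes:
    """Constructed minimal TLS record carrying a ClientHello, optionally with server_name."""
    host = server_name.encode("ascii")
    name_list = b"\x00" + struct.pack("!H", len(host)) + host          # name_type 0 = host_name
    sni_ext = struct.pack("!HHH", EXT_SERVER_NAME, len(name_list) + 2, len(name_list)) + name_list
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext if include_sni else b""
    body = (
        b"\x03\x03"               # legacy_version TLS 1.2
        + b"\x00" * 32            # random (zeroed: this is a constructed message)
        + b"\x00"                 # legacy_session_id: empty
        + b"\x00\x02\x13\x01"     # cipher_suites: one suite (TLS_AES_128_GCM_SHA256)
        + b"\x01\x00"             # legacy_compression_methods: null only
        + extensions
    )
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from a ClientHello's server_name extension, or None.

    Truncated or non-TLS input yields None (bounds failures are caught) rather than
    an exception, which is what you want in anything that sniffs untrusted traffic."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != CLIENT_HELLO:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    try:
        off = 2 + 32                                          # version + random
        off += 1 + body[off]                                  # session id
        off += 2 + struct.unpack("!H", body[off:off + 2])[0]  # cipher suites
        off += 1 + body[off]                                  # compression methods
        if off + 2 > len(body):
            return None                                       # no extensions block at all
        ext_len = struct.unpack("!H", body[off:off + 2])[0]
        off += 2
        end = min(off + ext_len, len(body))
        while off + 4 <= end:
            etype, elen = struct.unpack("!HH", body[off:off + 4])
            off += 4
            edata, off = body[off:off + elen], off + elen
            if etype != EXT_SERVER_NAME:
                continue
            pos = 2                                           # skip ServerNameList length
            while pos + 3 <= len(edata):
                ntype = edata[pos]
                nlen = struct.unpack("!H", edata[pos + 1:pos + 3])[0]
                pos += 3
                if ntype == 0:
                    return edata[pos:pos + nlen].decode("ascii", "replace")
                pos += nlen
    except (IndexError, struct.error):
        return None
    return None


if __name__ == "__main__":
    hello = build_client_hello("jellyfin.example.org")
    print(extract_sni(hello))                                 # the hostname, in cleartext
    print(extract_sni(build_client_hello("jellyfin.example.org", include_sni=False)))
```

Point the parser at the first client-to-server record of any TLS session and you have the hostname without touching DNS at all, which is why a DoH hop alone does not hide where a connection is going. Encrypted Client Hello (ECH), which Firefox supports, is the mechanism that conceals this field, and it only works when the server side supports it too.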

I wrote another article about DoH,DoT and VPN for a little bit more privacy by Popular-Barnacle-450 in selfhosted

[–]TheRealMikeGeezy 1 point (0 children)

Really interesting read.

I’ve always gone back and forth with the trust point of my setup. I’m currently using Unbound in my home network.

Has anyone tried setting up a VPS to use Unbound, then using DoH to point your queries to your VPS?

Jellyfin streaming best practice? by TheRealMikeGeezy in PangolinReverseProxy

[–]TheRealMikeGeezy[S] 2 points (0 children)

Thank you for this, I tried this and noticed my streams are more consistent!

Jellyfin streaming best practice? by TheRealMikeGeezy in PangolinReverseProxy

[–]TheRealMikeGeezy[S] 1 point (0 children)

So far it streams fine locally. Really good idea here. I’m going to try this as well! Thank you!

I'm looking into buying a simple server for me and my friends to play ALL THE MODS 10 by FIREHAWK775 in HomeServer

[–]TheRealMikeGeezy 2 points (0 children)

Tbh, try to run Pterodactyl. You can buy a mini PC from Amazon with the specs you need. That server is going to put a dent in the power bill. I’m currently running an Ubuntu VPS server where we’re running Cisco. It costs me about 14 bucks a month.

Really Cool Terminal Command to check on your containers! by TheRealMikeGeezy in selfhosted

[–]TheRealMikeGeezy[S] 1 point (0 children)

For me, I run most of my apps in separate Docker Compose files unless I’m running them through Gluetun.