Because I have some strange hardware, I cannot get pfSense/OPNsense work on my device, and I just don’t want to use OpenWRT for the moment.
So I installed IPfire, and I think it is not for normal home users at all, it is a “professional” firewall.
I have to say, the install process is quite easy (but in face, OPNsense setup process is also painless).
However, the first problem I face is DNSSEC. Unfortunately all my domestic dns resolvers does not support DNSSEC, and what’s more, I have to use ISP provided DNS for most of the browsing or the experience is f**ked (taking about if I can visit a website in seconds or never).
Other DNS providers in my country does not have DNSSEC. If I use 1.1.1.1 or something else that do DNSSEC, it will be like I write letters and then fly to Mars and then go back to earth and then put it to my local mailbox near my house.
Lucky, I found that I can change unbound
configuration to bypass it. Or I have to setup a DNS server locally and skip using IPFire DNS.
Secondly, UPnP. I do understand it is stupid that allow any device to open a hole on the firewall; but I must say, for most home users, it is the risk we are willing to take.
I very often play games with my friend, which usually use UPnP to allow my friend to connect to my PC. Then I should put my PC or my game server(NAS) into other firewall group while they are the devices I should protect the most.
I also a game developer, and I do know UDP hole punching exists, but does not as easy as UPnP and require a public server to work, and sometimes TCP for gaming exists.
Is it maintaining miniupnpd is very hard or time consuming? I can see there are some multimedia addon available, like ffmpeg, libvorbis. look sus to me.
At least I can compile the package and install it myself if I very want to have it.
Third, for installing package, due to some unspeakable reasons, I cannot access pakfire.ipfire.org directly, which means I have to use a proxy and I cannot find a easy way to do it.
I am not here to start a war, but I have to state my point: no one should not take away people knife if the someone think knife is dangerous.