I must say I'm impressed by the work NIC.cz has done on the #Turris and #TurrisOS.
It has upgraded fully automated, switched from the iptables based firewall to nft, rebooted at night (which is what I configured it to do on upgrades) ... and everything is working as expected out-of-the-box.
That is just excellent engineering work!
[#]foss #oss #openhardware #opensource #excellence #network #networking
=> More informations about this toot | More toots from dazo@infosec.exchange
I remember I was disappointed when setting up this device about half a year ago, regarding the lacking #nftables support But I saw they were working on this, to migrate to it in a coming update.
Today I logged into the LuCI interface to change the firewalling slightly. Just to check everything was as expected, I did an iptables-save dump. And it came out empty. And the realising it was all properly setup in the nft ruleset dump instead.
The router had rebooted about a week ago, something I didn't notice at all. Which means it's running a fully up-to-date OS and packages without any interactions at all.
This is generally just wonderful!
=> More informations about this toot | More toots from dazo@infosec.exchange
There is one concern with such fully automated updates, though ... supply chain attacks.
I do need to fully trust that the infrastructure the TurrisOS update framework relies on is safe and secure. If this framework is compromised, it could easily spread malware quickly.
[#]infosec #supplychain #automation #updates
=> More informations about this toot | More toots from dazo@infosec.exchange
text/geminiThis content has been proxied by September (3851b).