Firewall

If you’re running a homelab with multiple network segments, there’s a good chance you have at least one machine connected to more than one network. Maybe your workstation has a wired connection to your DMZ and wireless to your trusted WLAN. Convenient? Yes. A potential security hole? Also yes. The Problem My workstation sits on two networks: wireless connected to my home WLAN (192.168.3.0/24) and wired into my DMZ (192.168.4.0/24). The DMZ is intentionally isolated—it’s where I run services exposed to the internet. The WLAN is where everything else lives: personal devices, management interfaces, the stuff I actually care about protecting. ...

When I needed to add a node from my DMZ to my Kubernetes cluster on the LAN, I discovered OPNsense has a comprehensive REST API that lets you manage firewall rules programmatically. No clicking through the UI - just curl commands that create rules properly tracked in the configuration and included in backups. The Problem My Kubernetes cluster lives on my LAN (192.168.2.0/24), but I wanted to add a machine from my DMZ (192.168.4.0/24). By default, DMZ traffic can’t reach the LAN - that’s the whole point of a DMZ. I needed to punch specific holes for Kubernetes traffic while keeping everything else blocked. ...