I'd normally post this on reddit...but I thought I'd give the Tildes Tech Support Team a try.

I have a Ubiquiti Unifi Cloud Gateway Ultra and I'm trying to better understand zone firewall management and VLANs and all that.

I'll start with a screenshot. I'm only changing the two settings highlighted in red.

I'm trying to understand the difference between two firewall policy settings:

1. Action = Allow ONLY, AND Connection State = Return Traffic
2. Action = Allow AND Auto Allow Return Traffic checked, AND Connection State = All

I have two VLANs -- "Internal" and "Lab." Each is in their own policy zone, also called "Internal" and "Lab." The "Internal" VLAN does not have the "Isolate Network" option checked, but "Lab" does.

What I want is devices in "Internal" able to initiate and maintain connections with devices in "Lab." But I don't want devices in "Lab" able to initiate connections to devices in "Internal."

With Policy 1, "Internal" can't reach "Lab" nor vice versa. Hmm.

With Policy 2, "Internal" can ping and SSH into devices in "Lab," but not the other way around. Perfect; that's what I want.

And now my question(s): What is the difference between these two policies? To me, they look the same. But clearly the end results say they're not. So what's actually going on here? Additionally, assuming I could get Policy 1 to do what I want, is Policy 2 more vulnerable from a cybersecurity perspective than Policy 1?

If it helps, here's a screenshot of my zone matrix, with focus on source "Internal" and destination "Lab."

Thanks!

Add awesome game deals to this topic as they come up over the course of the week!

Alternately, ask about a given game deal if you want the community’s opinions: e.g. “What games from this bundle are most worth my attention?”

Rules:

• No grey market sales
• No affiliate links

If posting a sale, it is strongly encouraged that you share why you think the available game/games are worthwhile.

All previous Save Point topics

If you don’t want to see threads in this series, add save point to your personal tag filters.

Hi all, we're planning an RV roadtrip to Scandinavia in July. We'll be taking off from France and so far we're clear on the route until we get to Denmark; the issue is picking between Sweden and Norway for the main leg of the trip. We take off July 5th from Paris and need to be back the 26th. Ideally we would have done a bit of both countries in that time, but I don't think that's realistic (I'm the only driver) and we don't want to rush.

I've trawled the internet for information and advice (Reddit, Youtube roadtrip sites etc), but it's only made it harder to choose. There are so many cool places to visit, and things to see and do! We're leaning towards Norway, but I'm looking for others' thoughts before making our final choice. Here's what we've considered so far:

• We want to focus on being in nature and enjoying the outdoors. Other than spending a day or two in Copenhagen, we're not really looking to stay in the big cities.
• We (well, my wife and kids) are pretty active. We'll probably be looking to go hiking, cycling, swimming, climbing, kayaking/paddling, etc. Between the two, Norway seems to have the most opportunities to do this?
• The RV is fairly large, more than 7m in length, so I'd rather not find myself driving on very small, tight and winding roads. I understand Sweden's roads are more forgiving in this regard?
• We want to avoid places that are overly crowded in the summmer. While places like Trolltunga and Lofoten are beautiful, I expect there will be a lot of tourists there at that time. We dont want to contribute to clogging roads and overcrowding.
• I have downloaded a bunch of apps and maps that give us info on places to park and sleep overnight. I'm not opposed to wild camping, but my main priority will be my family's safety. Staying at paid campsites is not an issue, but we also want some degree of freedom to move around.
• It seems our best option would be to stay in the southern areas of either/both, but I confess I'm tempted to visit a glacier if we can (though it's not a deal-breaker).
• I'm a birdwatcher (I know, summer is not the best period for this), so if anyone knows interesting spots for that I'm all ears!

I know that's a lot of information, but we'd be grateful for any thoughts that could help us make a decision and plan out our itinerary. Any tips you may have are very welcome!

You know when you’re in the shower and you play out a conversation in your head and say all the right things?

Often it’s a throwback to a previous conversation you actually had IRL where you didn’t quite get out what you wanted to, and it’s only with time and separation that you’re able to give your words the precision and clarity you want.

Let us know about a recent one you’ve had. What was the argument? Who was it with? What clarity did you achieve?

Also, for the purposes of the question, I used “shower argument” because it is a more familiar term than “shower conversation.” Your response doesn’t have to be a true argument. It doesn’t even have to be a conversation either. Any shower thinking that has led to a resolution counts.

I like to periodically audit my home computer infrastructure for upgrades/replacements. Mostly this is so I don't have to make an impulse purchase when something inevitably fails, but it's also nice to keep up to date on the state of the art.

I'm currently trying to reassess my home home networking, and I am a bit overwhelmed by everything. So I'm hoping that the residents of Tildes can help me out a bit with recommendations.

I would classify myself as a fairly budget consumer. I'm on a less than 1Gbit Xfinity plan, and have mostly cobbled together my current system from collected parts over the years. My DNS/DHCP is handled by my primary router, an aging T-Mobile Asus device I picked up years ago and loaded with Merlin. A few years ago I picked up an Eero system on discount, and I have been using that in bridge mode to provide mesh Wifi around the house.

The system I have in place is working great. It occurs to me though, that most of the parts are getting old enough that I can't replace them directly. I'm definitely not going to be able to find my specific router easily, and the first gen Eeros are also getting harder to find. I also think I might not be doing myself any favors with the chain of multiple devices being cobbled together. Perhaps it's time to look for a mesh system with the flexibility that my Asus/merlin router offers.

So let's hear it. What sort of networking equipment is everyone using these days? What do you like about it? Any killer features that I have been missing while living under a rock?

So, I want to achieve something particular regarding my home network.
I want to have 2 routers, one is my main router that everything connects to except for my devices where I stream things from, and when it comes to streaming devices, I want those to use a different router that plugs into the main router

Why? I have been selected for the focalmeter panel and that device is connected to a router to

1. intercept all packets going to the router it is setup with
2. replaces the hostnames of all the devices with a random selection of letters (think HH123-4) and I don't want that to happen with my servers. (aka it takes over the DHCP service on the router)

part 1 kinda bothers me but 2 is such a nuisance for when I am doing SSH, So my solution is to get a secondary router for the "streaming" part of my network, hook that router up to my main router and then let the focalmeter take over the DHCP service of that secondary router and so everything it does impacts only the streaming part of my network. Like the focalmeter could literally fuck up the secondary router and my servers and machines I use for non-streaming reasons would not be affected in any way.

My streaming devices need to be able to access my servers to be able to access my jellyfin but that's the only necessary connection I can think of atm. Although it would be nice if I can have the devices on my main network access my streaming devices over the network too.

All that to say, when looking up how to get 2 routers work side-by-side like that with both their DHCP services up and running but not conflicting, I dont really know what to look for. Am I trying to setup a subnet or is there some other word for the network architecture I am trying to achieve?

Have you watched any TV shows recently you want to discuss? Any shows you want to recommend or are hyped about? Feel free to discuss anything here.

Please just try to provide fair warning of spoilers if you can.

There's nothing I enjoy more than waking up late and going through the day without checking the time, and I make a point to do that for myself every year for my birthday. What sort of gifts do you give to yourself to celebrate the day?

Haven't seen anyone mention that project in a few years, but now I'm in the unique position to talk about it. I live somewhere where I can't get any proper internet service - mobile broadband is slow, DSL or fibre lines are not brought out to where I live, and the only other option is cable internet access, which I've 1. had bad experiences with in the past and 2. where I live is operated by a company with laughably bad reviews at exorbitant prices for what they offer. We are talking about 60 USD (eq) a month for 100 megabit service.

So I shopped around to see what other options there are, and Starlink made me an offer. Free equipment, which is usually 400 bucks, delivered to my house, and then an unlimited data plan at whatever speeds I can get where I live for 50 a month, with a one month free trial. I said yes, paid with Apple Pay (seriously, did not have to fill out a single form or sign anything) and the dish arrived the next day.

Now, I know, Starlink is run by Musk, who is somewhere around the top 10 of my nightmare blunt rotation and also pretty likely to be an actual neo-Nazi, but I say whatever. It's not like the alternatives are much better, and at least SpaceX has some actual value for humanity, if you ask me. I might put a "I bought this before Elon went crazy" on my router, though.

I got the dish delivered and set it up on my roof. The app - which is excellent - tells you to orient it north if you're on the northern hemisphere, and to roughly point it up. I built my own mounting solution - a wooden board with mounting holes that snaps in place on my roof - and set everything up, not expecting much.

I was absolutely blown away. The app, once more, is stellar and incredibly easy to use, and a joy to play around with. I got a satellite connection in minutes, and did a speed test. I got 200 down and 50 up in the Starlink app, but independent speed tests as well as my own experience routinely hit 400 down and around 80 up. Genuinely impressive. Ping around 30, by the way. Consistent as well.

The next few days were a similar experience, although I did notice a drop in speeds if there was heavy rain. The speeds dropped however to around 150 over 30, which is still more than usable, and latency was not impacted at all as far as I can tell.

Honestly, it's a super compelling package. Setup was so simple my grandma could have done it, the hardware is beautifully made and very robust, and the designers really did think of a lot here. The cables are just weatherproofed Ethernet and you can bring your own (although they don't recommend it), the router is Wifi 6 and looks damn snazzy, the dish can even heat itself up to melt snow in winter.

If you're looking for reliable internet service, I really can't recommend Starlink enough. If where you're planning on running it is within the service area and you're fine with the 50 dollar a month price point (no speed or data caps, by the way) I'd say go for it.

Now, there are people who will say that it's a good option for remote places, but not that great for densely populated areas in buildings that could get for example cable service, and you shouldn't rely on it. But, well, I haven't been completely honest here:

The real sting in the tale is that I live in one a large European city with plenty of access to other internet methods (just unlucky in terms of my specific building, which is getting fibre next year), and mounted the dish on top of my townhouse in one of the most dense districts in town. It works flawlessly, and it's been the fastest internet service I've ever had, period.

Course, it can't compete with a fibre line, sure, but many people don't have those - and then, service or hardware might still add large costs on top of that. And with Starlink, I can just take it with me whenever I move, and don't need to ever worry about ISPs again.

I don't have many sufficiently nerdy friends to talk about this with, so if you're curious or have any questions, I'll do my best to answer them. If you have Starlink too and feel like I missed something, feel free to contribute to the conversation.