Netgate Discussion Forum

    OIDC auth for public facing access?

    Firewalling
    • Dave R2 (last edited by Dave R2)

      I'm trying to figure out how to better protect my public facing services. IMHO, if it's not obvious, the LLM-assisted exploits are only going to improve. Finding 0-days seems to be a weekly thing now and it's just the beginning.

      I think it'd be cool to have pfSense redirect an (incoming) user to an /auth endpoint somewhere before accessing any of my services. The user has to log in to whatever IdP and then get redirected back to /auth with a JWT or something that the backend app could use to determine if the login succeeded. If so, then some authz check against the user@gmail.com accounts that you want to allow. If all good, drop the user IP into a pfSense allow list for 12 hours or something.

      Yeah, I could just WireGuard/Tailscale everyone, but I run Nextcloud and share files with people sometimes. WG will never fly for one-off file shares. A redirect could be automated where the user installs nothing.

      Another option is to just move all my public stuff to cloud providers, but that just adds up to cash I don't have lying around to burn.

      I'm probably trying to reinvent the wheel. Anyone know if something like this already exists?

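The flow the post sketches (log in at the IdP, come back with a JWT, authz on the email claim, then allow the client IP for 12 hours), modelled as an added Python example that is not from the post or from pfSense. ISSUER, AUDIENCE, the HS256 demo secret and make_demo_token are constructed stand-ins for a real IdP, which would sign RS256 ID tokens that the gateway verifies against the IdP's published JWKS.

```python
import base64, hashlib, hmac, json
DEMO_SECRET = b"constructed-demo-secret"  # demo only: real IdPs sign RS256, verified via JWKS
ISSUER = "https://idp.example"            # assumed IdP issuer URL
AUDIENCE = "auth-gateway"                 # assumed OIDC client_id
ALLOWED_EMAILS = {"user@gmail.com"}       # the authz list from the post
ALLOW_TTL = 12 * 3600                     # 12 hours, as in the post
def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64u(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_demo_token(claims: dict) -> str:
    """Mint an HS256 JWT; stands in for the IdP in this offline demo."""
    h = _b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    p = _b64u(json.dumps(claims).encode())
    sig = hmac.new(DEMO_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{_b64u(sig)}"

def verify_id_token(token: str, now: float) -> dict:
    """Check alg, signature, iss, aud, exp and email_verified before trusting any claim."""
    h, p, sig = token.split(".")
    if json.loads(_unb64u(h)).get("alg") != "HS256":   # reject alg=none / algorithm confusion
        raise ValueError("unexpected alg")
    expected = hmac.new(DEMO_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64u(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64u(p))
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE or now >= claims.get("exp", 0):
        raise ValueError("wrong issuer/audience or expired")
    if not claims.get("email_verified"):
        raise ValueError("email not verified by IdP")
    return claims

allowlist: dict[str, float] = {}   # client IP -> expiry timestamp

def authorize(token: str, client_ip: str, now: float) -> bool:
    """The authz step: valid token + allowed email => client_ip allowed for ALLOW_TTL."""
    try:
        claims = verify_id_token(token, now)
    except ValueError:
        return False
    if claims.get("email") not in ALLOWED_EMAILS:
        return False
    allowlist[client_ip] = now + ALLOW_TTL
    return True

def active_ips(now: float) -> list[str]:
    """Unexpired IPs; one per line is the list a pfSense URL Table alias can fetch."""
    return sorted(ip for ip, exp in allowlist.items() if exp > now)
```

Serving active_ips() as a plain-text file and pointing a pfSense URL Table (IPs) alias at it lets the firewall rules that reference the alias admit only entries that have not yet aged out.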
      Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.