RUN SAP BETTER
Firewall
pfSense
pfSense is a free, open-source firewall and router software distribution based on FreeBSD. Both the open-source pfSense Community Edition and pfSense Plus are installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network.
-
Features: pfSense offers a range of features, including a firewall, VPN, router, DHCP server, DNS server, and WAN load balancer
-
Management: pfSense is managed through a web interface, so there's no need to use the command line or manually edit rule sets
-
Distribution: pfSense is based on the FreeBSD operating system and includes third-party software packages for additional functionality
-
Versions: There are two versions of pfSense: pfSense Community Edition (CE), which is free and open-source, and pfSense Plus, which is used by businesses, governments, educational institutions, and service providers
-
Use cases: pfSense is used in a variety of settings, including small home networks, large corporations, universities, and government agencies
-
Performance: pfSense is designed to provide high levels of performance and stability
-
Development: pfSense is developed and hosted by Rubicon Communications, LLC (Netgate)
What is FreeBSD?
FreeBSD is a free, open-source operating system that's based on the Berkeley Software Distribution (BSD) and is used in many different environments.
-
Features: FreeBSD is known for its stability, reliability, security, and performance. It has many features, including jails, virtualization, and ZFS boot environments
-
Uses: FreeBSD is used to power modern servers, desktops, and embedded platforms. It's the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage devices
-
History: The first version of FreeBSD was released in 1993; the latest release at the time of writing was 14.1 (4 June 2024)
-
Development: The FreeBSD Project is supported and promoted by the FreeBSD Foundation. A large community has continually developed FreeBSD for more than thirty years.
-
Architecture: FreeBSD runs on IA-32, x86-64, ARM, PowerPC, and RISC-V processors
pfSense | System
General Setup
System | pfSense Path: System > General Setup
Hostname: pfSense (Default)
Domain: home.arpa (Default)
pfSense recommends not using '.local' as the final part of the domain name (the top-level domain, TLD), because the 'local' TLD is reserved for multicast DNS (mDNS, RFC 6762) and names under it will not resolve correctly through ordinary unicast DNS. That is why it recommends 'home.arpa' (RFC 8375; ARPA stands for Address and Routing Parameter Area)
Admin Access
WebConfigurator | Path: System > Advanced > Admin Access
If you reach the pfSense web interface through a hostname or address other than the one the firewall knows for itself (for example from outside the internal network, or through a port forward), the login may fail with an error. This happens because pfSense checks the browser's HTTP_REFERER header and rejects requests whose referring URL does not match the firewall's own hostname or IP address. You can disable this check:
Browser HTTP_REFERER enforcement | Disable HTTP_REFERER enforcement check: Check
The referer check helps protect the GUI against requests forged from other web sites, so prefer reaching the WebConfigurator over a VPN or via the hostname the firewall expects, and do not expose it directly to the Internet.
pfSense | Forgotten Password
The firewall administrator password can easily be reset using the firewall console if it has been lost.
-
Access the physical console (Connect to the Console)
-
Use option "3" (Reset admin account and password) to change the password for the admin account
This option can also re-enable the "admin" account if it is disabled or expired. Because console access alone is enough to reset the password, restrict physical and hypervisor console access; the "Password protect the console menu" option (System > Advanced > Admin Access) requires a login before the menu is shown.
pfSense | SNMP
The SNMP (Simple Network Management Protocol) daemon enables remote monitoring of certain pfSense software parameters.
The SNMP daemon supports monitoring:
-
Network Traffic
-
Network Flows
-
PF Queues
-
General System Information
-
CPU
-
Memory
-
Disk Usage
-
Additional Information
-
SNMP Version: SNMPv1/v2c (community-string authentication; the community string and all polled data travel unencrypted)
-
Memory usage: Using the SNMP service can increase memory usage by an average of 7%
-
How to use it: The easiest way to see the available data is to run 'snmpwalk' against the firewall from another host with 'net-snmp' or an equivalent package installed
Configuring SNMP Services
-
Go to | Services > SNMP
-
Enable the SNMP Daemon and its controls | Check
-
Polling Port | 161
-
System Location | firewall
-
System Contact | <your-email>@gmail.com
-
Read Community String | <a unique string> (do not leave the default 'public')
-
SNMP modules | Check MibII, Netgraph, PF, Host Resources, UCD, Regex (load only the modules you actually need; each one consumes resources)
-
Internet Protocol | IPv4
-
Bind Interfaces | LAN
-
Save it
SNMP Daemon Settings
-
Polling Port | SNMP connections are made using UDP only, and SNMP clients default to UDP port 161
-
System location | A string to return when an SNMP client requests the system location. Any text may be used here. For some devices a city or state may be close enough
-
System contact | A string defining contact information for the system. It can be a name, an e-mail address, a phone number, or whatever is needed
-
Read Community String | The community string acts as a kind of username and password in one. SNMP clients will need to use this community string when polling. The default value of public is common, so the best practice is to use a different value in addition to restricting access to the SNMP service with firewall rules. With SNMPv1/v2c the string is sent in cleartext, so anyone who can capture traffic on the path can read it; that is another reason to bind the daemon to a trusted interface only
Modules
Loadable modules allow the SNMP daemon to understand and respond to queries for additional system information. Each loaded module consumes additional resources. As such, ensure that only required modules are loaded.
-
MibII | This module provides information specified in the standard MIB II tree, which covers networking information and interfaces. Having this module loaded will provide network interface information including status, hardware and IP addresses, the amount of data transmitted and received, and much more
-
Netgraph | The netgraph module provides netgraph-related information such as netgraph node names and statuses, hook peers, and errors
-
PF | The PF module provides a wealth of information about the pf packet filter. The MIB tree covers aspects of the ruleset, states, interfaces, tables, and ALTQ queues
-
Host Resources | This module provides information about the host itself. This includes uptime, load average and processes, storage types and usage, attached system devices, and even installed software (This module requires MibII. If MibII is unchecked when this option is checked, MibII will be checked automatically)
-
UCD | This module provides various system information known as the ucdavis MIB, or UCD-SNMP-MIB. It provides information about memory usage, disk usage, running programs, and more.
-
Regex | The Regex module is reserved for future use or use by users customizing the code to their needs. It allows creating SNMP counters from log files or other text files
Interface Binding
Binding to a specific local interface can ease communication over VPN tunnels as it eliminates the need for workarounds like static routes. It also provides extra security by not exposing the service to other interfaces. It can also improve communication over multiple local interfaces, since the SNMP daemon will reply from the “closest” address to a source IP address and not the IP address to which a client sent its query.
-
Internet Protocol | This controls whether the SNMP daemon will listen for queries on IPv4, IPv6, or both
-
Bind Interfaces | This option configures the SNMP daemon to listen only on the chosen interface or virtual IP address. All interfaces with IP addresses, CARP VIPs, and IP Alias VIPs are displayed in the drop-down list
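What the community string looks like on the wire, as an added example (not pfSense or bsnmpd code): the script below encodes an SNMPv2c GetRequest for sysDescr.0 the way snmpwalk would, decodes the raw datagram again, and flags a default community string. The packet bytes are constructed by the script itself, nothing is sent, and the community strings used are stand-ins.

```python
"""SNMPv1/v2c sends the community string in cleartext.  This script encodes a
GetRequest the way snmpwalk would, then decodes the raw bytes back, showing that
the "password" is readable by anyone who can capture the UDP datagram."""

OID_SYSDESCR = (1, 3, 6, 1, 2, 1, 1, 1, 0)   # sysDescr.0 from MIB-II (the MibII module)
WEAK_COMMUNITIES = {"public", "private"}      # vendor defaults every scanner tries first


def _ber_len(n):
    """BER definite-form length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _ber_len(len(body)) + body


def _encode_oid(oid):
    """First two arcs share one byte; remaining arcs are base-128 with continuation bits."""
    out = bytearray([40 * oid[0] + oid[1]])
    for arc in oid[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def encode_get_request(community, oid, request_id=42):
    """SNMPv2c message: SEQUENCE { version INTEGER(1), community OCTET STRING, GetRequest-PDU }."""
    varbind = _tlv(0x30, _tlv(0x06, _encode_oid(oid)) + _tlv(0x05, b""))  # OID + NULL value
    pdu_body = (_tlv(0x02, bytes([request_id]))   # request-id (small enough for one byte)
                + _tlv(0x02, b"\x00")             # error-status
                + _tlv(0x02, b"\x00")             # error-index
                + _tlv(0x30, varbind))
    pdu = _tlv(0xA0, pdu_body)                    # 0xA0 = GetRequest-PDU
    return _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x04, community.encode()) + pdu)


def _read_tlv(buf, pos):
    """Return (tag, body, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def decode_snmp(packet):
    """Pull version, community string and requested OIDs out of a raw SNMPv1/v2c datagram."""
    tag, msg, _ = _read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = _read_tlv(msg, 0)
    _, community, pos = _read_tlv(msg, pos)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    p = 0
    for _ in range(3):                      # skip request-id, error-status, error-index
        _, _, p = _read_tlv(pdu, p)
    _, varbinds, _ = _read_tlv(pdu, p)
    oids, q = [], 0
    while q < len(varbinds):
        _, vb, q = _read_tlv(varbinds, q)
        _, oid_body, _ = _read_tlv(vb, 0)
        oids.append(_decode_oid(oid_body))
    return {"version": int.from_bytes(version, "big"),
            "community": community.decode(),
            "pdu_tag": pdu_tag, "oids": oids}


def community_is_weak(packet):
    """True when the datagram carries a default community string."""
    return decode_snmp(packet)["community"].lower() in WEAK_COMMUNITIES


# Constructed sample: what a poller using the default string puts on the wire.
CAPTURE = encode_get_request("public", OID_SYSDESCR)

if __name__ == "__main__":
    print(CAPTURE.hex())
    print(decode_snmp(CAPTURE), "weak:", community_is_weak(CAPTURE))
```

The same decode works on a datagram captured with tcpdump on the LAN interface (UDP port 161), which is the quickest way to convince someone that the community string needs to be unique and the daemon bound to a trusted interface.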
pfSense | IPv6 | Disabling IPv6
You can disable IPv6 on pfSense if your ISP does not provide IPv6 service. IPv6 is enabled by default and that is normally fine, but sometimes you want IPv4 only, or you may have problems with IPv6, such as:
-
The Windows Network Bridge adapter may stop working properly after some updates, because IPv6 is also enabled on the bridge adapter (you can choose to disable IPv6 on the bridge adapter instead)
-
You may have too many blocking entries in the firewall log, making analysis difficult
How to disable IPv6
-
Blocking IPv6 traffic | System > Advanced > Networking | Allow IPv6: Uncheck
-
Save and Apply
-
-
Turning on logging of firewall default blocks | Status > System Logs > Settings | Log firewall default blocks: check all the 'Log packets ...' options
-
Save
-
-
Disabling DHCPv6 Relay | Services > DHCPv6 Relay | Enable DHCPv6 Relay: Uncheck
-
Save and Apply
-
-
Disabling IPv6 on the WAN Interface | Interfaces > WAN (select your WAN interface) | IPv6 Configuration Type: None
-
Save and Apply
-
-
Disabling DHCPv6 Server | Services > DHCPv6 Server | Enable DHCPv6 server on LAN interface: Uncheck
-
(Optional) If you have several interfaces, repeat this step for all interfaces
-
Save and Apply
-
-
Disabling Router Advertisement | Services > Router Advertisement | Router Mode: Disabled
-
Save
-
-
Disabling IPv6 on the LAN Interface | Interfaces > LAN (select your LAN interface) | IPv6 Configuration Type: None
-
(Optional) If you have several interfaces, repeat this step for all interfaces
-
Save and Apply
-
-
Removing Default Gateway | System > Routing > Gateways | Default gateway IPv6: None
-
Save and Apply
-
pfSense | Notifications
The firewall can notify administrators of important events and errors by displaying an alert in the menu bar, indicated by a bell icon.
In addition to GUI notifications, the firewall also supports the following notification methods:
-
Remote:
-
E-mail using SMTP
-
Telegram notification API
-
Pushover notification API
-
Slack notification API
-
-
Local:
-
LED indicators on supported hardware (not configurable)
-
Sounds using a PC speaker
-
Setup Notification via E-Mail using GMail SMTP
-
On pfSense
-
Go to System > Advanced > Notifications
-
Disable SMTP | Uncheck
-
E-Mail server | smtp.gmail.com
-
SMTP port of E-Mail server | 465
-
Secure SMTP Connection | Enable SMTP over SSL/TLS | Check
-
Validate TLS/SSL | Validate the SSL/TLS certificate presented by the server | Check
-
From e-mail address | <your-email@gmail.com>
-
Notification E-Mail address | <your-email@gmail.com>
-
Notification E-Mail auth username (optional) | <your-email@gmail.com>
-
Notification E-Mail auth password | <your password>
-
Confirm the password | <your password>
-
Notification E-Mail auth mechanism | PLAIN
-
Save
-
Test SMTP Settings | Click the "Test SMTP Settings" button
Tips
-
"From e-mail address" Field | This is the sender's address of the email
-
"Notification E-Mail address" Field | This is the recipient's email address. You can use Gmail "plus addressing":
-
Example: <your email>+<plus addressing>@gmail.com / johnsmith+pfsense@gmail.com
-
-
"Notification E-Mail auth username (optional)" Field | The account e-mail used to authenticate to Gmail
-
"Notification E-Mail auth password" Field | You cannot use the password you log into Gmail with. Generate an "App Password" in the Google account security settings instead; Google only offers App Passwords on accounts with 2-Step Verification enabled.
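To check the same Gmail parameters independently of the firewall, here is an added example (not pfSense code) that sends one message with implicit TLS on port 465, certificate validation and AUTH PLAIN, the settings listed above. The sender address and App Password are assumed to arrive in the GMAIL_USER and GMAIL_APP_PASSWORD environment variables, and the helper names are this example's own.

```python
"""Exercise the Gmail SMTP parameters pfSense uses (smtp.gmail.com, port 465,
implicit TLS with certificate validation, AUTH PLAIN with an App Password) from
any host, so the mail path can be verified independently of the firewall."""
import os
import re
import smtplib
import ssl
from email.message import EmailMessage

SMTP_HOST = "smtp.gmail.com"
SMTP_PORT = 465           # implicit TLS; port 587 would need STARTTLS instead


def normalize_app_password(value):
    """Google shows App Passwords as 16 lowercase letters in groups of four; strip
    the spaces and reject anything else (for instance the real account password)."""
    pw = value.replace(" ", "")
    if not re.fullmatch(r"[a-z]{16}", pw):
        raise ValueError("not a Gmail App Password (expected 16 lowercase letters)")
    return pw


def plus_address(mailbox, tag):
    """Gmail plus addressing: johnsmith+pfsense@gmail.com still lands in johnsmith's inbox."""
    local, _, domain = mailbox.partition("@")
    return f"{local}+{tag}@{domain}"


def build_notification(sender, recipient, hostname, text):
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = f"{hostname} - Notification"
    msg.set_content(text)
    return msg


def send_notification(msg, username, app_password):
    """Connect with implicit TLS and validate the certificate chain and hostname
    (the 'Validate the SSL/TLS certificate' checkbox), then authenticate.  Gmail
    advertises PLAIN and LOGIN, so smtplib negotiates PLAIN, matching pfSense."""
    ctx = ssl.create_default_context()      # CERT_REQUIRED + check_hostname=True
    with smtplib.SMTP_SSL(SMTP_HOST, SMTP_PORT, context=ctx, timeout=15) as smtp:
        smtp.login(username, app_password)
        return smtp.send_message(msg)


if __name__ == "__main__":
    # Assumed: credentials come from the environment, never from the script itself.
    sender = os.environ["GMAIL_USER"]
    password = normalize_app_password(os.environ["GMAIL_APP_PASSWORD"])
    note = build_notification(sender, plus_address(sender, "pfsense"),
                              "pfSense", "SMTP test sent outside the firewall")
    print(send_notification(note, sender, password))   # {} means every recipient accepted
```

If this script delivers but the firewall's "Test SMTP Settings" fails, the problem is on the pfSense side (DNS, egress rules on port 465, or the certificate store), not the Gmail settings.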
pfSense | OpenVPN | NordVPN
NordVPN Steps
-
Find the best server for your connection, or select one manually
-
NordVPN Server Tool: https://nordvpn.com/servers/tools/
-
-
Check the protocols and download the Config File
-
Open the .ovpn file in a text editor (e.g. Notepad)
-
Find your service credentials for manual configuration (username and password; these are not your NordVPN account login)
-
NordVPN Account: https://my.nordaccount.com/
-
pfSense Configuration Steps
-
Import the NordVPN CA certificate from the .ovpn file (System -> Certificates -> Authorities)
-
Create the OpenVPN Client (VPN -> OpenVPN -> Clients)
-
Check Instance (Status -> OpenVPN)
-
Assign Interfaces (Interfaces -> Interface Assignments)
-
Create Aliases (Firewall -> Aliases -> IP)
-
Update NAT Outbound (Firewall -> NAT -> Outbound)
-
Update LAN Rules (Firewall -> Rules -> LAN)
-
Update Gateway IP Monitoring (System -> Routing -> Gateways)
-
Check Gateway Status (Status -> Gateways)
-
Install Watchdog Service (System -> Package Manager -> Available Packages)
-
Add NordVPN as a Service in Watchdog (Services -> Service Watchdog)
pfSense | WireGuard | NordVPN (Nordlynx Protocol)
High Level Steps (Summary)
-
Get NordVPN API Information | Private Key, Public Key and IP Address
-
Install WireGuard Package | System > Package Manager > Available Packages
-
Configure WireGuard | VPN > WireGuard
-
Assign and Configure Interface | Interfaces > Interfaces Assignments
-
Create Alias | Firewall > Aliases
-
Configure Firewall NAT | Firewall > NAT > Outbound
-
Configure Firewall Rules | Firewall > Rules > LAN
-
(Optional) Add WireGuard as Service in Watchdog | Services > Service Watchdog
NordVPN API Information
-
Create an Access Token | Hyperlink: https://my.nordaccount.com/dashboard/nordvpn/manual-configuration/
-
Get your Private Key | Command: curl -s -u token:<ACCESS_TOKEN> https://api.nordvpn.com/v1/users/services/credentials | jq -r .nordlynx_private_key (treat the token and the returned key as secrets; anyone holding the private key can use your subscription)
-
Get Server Info and Public Key | Command: curl -s "https://api.nordvpn.com/v1/servers/recommendations?filters[servers_technologies][identifier]=wireguard_udp&limit=1" | jq -r '.[]|.hostname, .station, (.locations|.[]|.country|.city.name), (.locations|.[]|.country|.name), (.technologies|.[].metadata|.[].value), .load' (inside double quotes the brackets need no backslashes; the 'station' value is the server IP to use as the peer Endpoint, and the metadata value is its WireGuard public key)
-
WireGuard Configuration Steps
-
Install WireGuard Package | System > Package Manager -> Available Packages
-
Search for 'WireGuard' and Install it
-
-
Configure WireGuard Tunnel | VPN > WireGuard > Tunnels
-
Enable Tunnel | Check it
-
Description | <Reference Description>
-
Listen Port | 51820
-
Interface Key | <Private Key>
-
Interface Address | 10.5.0.2/32 (the NordLynx client address)
-
Description | <Reference Description>
-
Save it
-
-
Configure WireGuard Peers | VPN > WireGuard > Peers
-
Enable Peer | Check it
-
Tunnel | tun_wg0
-
Description | <Reference Description>
-
Dynamic Endpoint | Uncheck it
-
Endpoint | <recommended NordVPN server IP (the 'station' value)>
-
Port | 51820
-
Public Key | <NordVPN server public key from the API>
-
Keep Alive | 25
-
Allowed IPs | 0.0.0.0/0 (route all IPv4 traffic through the tunnel)
-
Description | <Reference Description>
-
Save it
-
-
Configure WireGuard Settings | VPN > WireGuard > Settings
-
Enable WireGuard | Check it
-
Keep Configuration | Check it
-
Save it
-
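An added example (not NordVPN's or the pfSense package's code) that maps a recommendation-API answer onto the peer form above. The JSON it parses is a constructed sample following the fields the jq filter walks; the 'identifier' and 'name' keys on the technologies and metadata entries are an assumption about the API layout, and the key material is a dummy 32-byte value, not a real NordVPN key.

```python
"""Turn the NordVPN recommendation API answer into the values the pfSense
WireGuard peer form needs.  SAMPLE_API_RESPONSE is a constructed stand-in."""
import base64
import json

SAMPLE_API_RESPONSE = json.dumps([{
    "hostname": "xx0000.nordvpn.com",
    "station": "203.0.113.10",                    # documentation address, not a real server
    "load": 12,
    "locations": [{"country": {"name": "Examplestan", "city": {"name": "Example City"}}}],
    "technologies": [
        {"identifier": "openvpn_udp", "metadata": []},
        {"identifier": "wireguard_udp",
         "metadata": [{"name": "public_key",
                       "value": base64.b64encode(bytes(range(32))).decode()}]},  # dummy key
    ],
}])


def validate_wg_key(key):
    """A WireGuard key is 32 bytes, base64-encoded (44 characters ending in '=')."""
    try:
        raw = base64.b64decode(key, validate=True)   # binascii.Error is a ValueError
    except ValueError:
        raise ValueError("key is not valid base64")
    if len(raw) != 32:
        raise ValueError(f"key decodes to {len(raw)} bytes, expected 32")
    return key


def pick_wireguard_server(api_json):
    """Select the first recommendation that offers wireguard_udp and extract its public key."""
    for server in json.loads(api_json):
        for tech in server["technologies"]:
            if tech["identifier"] != "wireguard_udp":
                continue
            pubkey = next(m["value"] for m in tech["metadata"] if m["name"] == "public_key")
            loc = server["locations"][0]["country"]
            return {
                "hostname": server["hostname"],
                "station": server["station"],
                "public_key": validate_wg_key(pubkey),
                "city": loc["city"]["name"],
                "country": loc["name"],
                "load": server["load"],
            }
    raise LookupError("no server with wireguard_udp in the recommendation list")


def pfsense_peer_fields(server, tunnel="tun_wg0", port=51820):
    """Field-for-field values for VPN > WireGuard > Peers."""
    return {
        "Tunnel": tunnel,
        "Description": f"NordVPN {server['city']}, {server['country']} "
                       f"({server['hostname']}, load {server['load']}%)",
        "Dynamic Endpoint": False,
        "Endpoint": server["station"],
        "Port": port,
        "Public Key": server["public_key"],
        "Keep Alive": 25,
        "Allowed IPs": "0.0.0.0/0",
    }


def wg_quick_config(private_key, peer, address="10.5.0.2/32"):
    """Equivalent wg-quick file, handy for testing the same peer from a laptop first."""
    return (
        "[Interface]\n"
        f"PrivateKey = {validate_wg_key(private_key)}\n"
        f"Address = {address}\n\n"
        "[Peer]\n"
        f"PublicKey = {peer['Public Key']}\n"
        f"Endpoint = {peer['Endpoint']}:{peer['Port']}\n"
        f"AllowedIPs = {peer['Allowed IPs']}\n"
        f"PersistentKeepalive = {peer['Keep Alive']}\n"
    )


if __name__ == "__main__":
    server = pick_wireguard_server(SAMPLE_API_RESPONSE)
    for field, value in pfsense_peer_fields(server).items():
        print(f"{field:17}| {value}")
```

Feeding the real API output (the curl command above, without the jq filter) into pick_wireguard_server() gives the exact values to type into the peer form; the key check catches a public key that was truncated while copying, which otherwise only shows up as a handshake that never completes.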
pfSense | Bufferbloat
Before starting, use a "Bufferbloat Test Site" to determine if changes are necessary. If the firewall already receives a high score the circuit may not be prone to bufferbloat and thus may not require these limiters.
Bufferbloat Test Site: https://www.waveform.com/tools/bufferbloat
Configuring CoDel Limiters for Bufferbloat
This configuration requires a limiter and queue for both download and upload, plus a floating rule to apply the limiters to outgoing traffic.
-
Create Download Limiter and Queue (Firewall -> Traffic Shaper -> Limiters)
-
Create Upload Limiter and Queue (Firewall -> Traffic Shaper -> Limiters)
-
Create Floating Rule (Firewall -> Rules -> Floating)
Create Download Limiter and Queue
-
Navigate to Firewall > Traffic Shaper, Limiters tab
-
Click + New Limiter
-
Configure the limiter with the following settings:
-
Enable: Checked
-
Name: WANDown
-
Bandwidth: 95 (in the matching unit, e.g. Mbit/s; set to, or slightly below, the measured WAN download bandwidth so that the limiter rather than the ISP's buffer is the bottleneck. Confirm via speed test first)
-
Mask: None
-
Description: WAN Download
-
Queue Management Algorithm: Tail Drop
-
Scheduler: FQ_CODEL (The page will display FQ_CODEL options and their default values after saving this limiter, but leave them at defaults)
-
Queue Length: 1000 (Can vary depending on the speed of the link, but 1000 should be a safe default for most high speed WANs (100Mbit/s). For very high speed WANs (e.g. 1Gbit/s+), consider increasing further to 3000-5000)
-
ECN: Checked
-
-
Click Save
-
Click + Add New Queue under WANDown
-
Configure the queue with the following:
-
Enable: Checked
-
Name: WANDownQ
-
Mask: None
-
Description: WAN Download Queue
-
Queue Management Algorithm: Tail Drop
-
-
Leave the other fields at their default values
-
Click Save
Create Upload Limiter and Queue
-
Navigate to Firewall > Traffic Shaper, Limiters tab
-
Click + New Limiter
-
Configure the limiter with the following settings:
-
Enable: Checked
-
Name: WANUp
-
Bandwidth: 95 (in the matching unit, e.g. Mbit/s; set to, or slightly below, the measured WAN upload bandwidth so that the limiter rather than the ISP's buffer is the bottleneck. Confirm via speed test first)
-
Mask: None
-
Description: WAN Upload
-
Queue Management Algorithm: Tail Drop
-
Scheduler: FQ_CODEL (The page will display FQ_CODEL options and their default values after saving this limiter, but leave them at defaults)
-
Queue Length: 1000 (Can vary depending on the speed of the link, but 1000 should be a safe default for most high speed WANs (100Mbit/s). For very high speed WANs (e.g. 1Gbit/s+), consider increasing further to 3000-5000)
-
ECN: Checked
-
-
Click Save
-
Click + Add New Queue under WANUp
-
Configure the queue with the following:
-
Enable: Checked
-
Name: WANUpQ
-
Mask: None
-
Description: WAN Upload Queue
-
Queue Management Algorithm: Tail Drop
-
-
Leave the other fields at their default values
-
Click Save
Create Floating Rule
-
Navigate to Firewall > Rules, Floating tab
-
Click Add to create a new rule at the bottom of the list
-
Configure the rule as follows:
-
Action: Pass
-
Quick: Checked
-
Interface: WAN
-
Direction: Out
-
Address Family: IPv4 (If the WAN can carry both IPv4 and IPv6, make a separate rule for each address family)
-
Protocol: Any
-
Source: WAN Address (It is important not to match too loosely on the source, especially when a firewall has multiple WANs)
-
Destination: Any
-
Description: CoDel Limiters
-
Gateway: WAN_DHCP (Must be set to the gateway for this WAN interface)
-
In / Out Pipe: WANUpQ / WANDownQ (On WAN floating rules in the outbound direction, “in” traffic is upload, and “out” traffic is download, from the perspective of LAN clients.)
-
Save
-
-
Apply Changes
-
Reset states to force all traffic to use new limiters
What is jitter?
Jitter is a measure of the variation in latency over time. If your connection suffers from bufferbloat, you'll often also see higher jitter. Too much jitter can cause issues with realtime video and audio calls and online games.
What is ECN?
Explicit Congestion Notification is a means to do network congestion control without dropping packets.
What is CoDel?
CoDel (the name comes from "controlled delay") was a fundamental advance in the state of the art of network Active Queue Management (AQM).
How does bufferbloat negatively affect your connection?
Bufferbloat can make web browsing slower, make video calls stutter, and cause VoIP calls to break up. Real-time games will lag.
Bufferbloat causes degraded connectivity anytime your Internet connection is under heavy use by any user or application. If a large upload or download of data is happening, other applications and users will slow down.
How often is someone on your network really under heavy use? You'd be surprised! Many apps are hungrier for bandwidth than you might imagine. For example, most smartphone photo apps back up all photos and videos to the cloud as soon as they're taken.
-
Video Calls:
-
If you suffer from bufferbloat during video calls then your call will suffer from delays and occasional dropouts.
-
-
Gaming:
-
Latency is incredibly important for many online games. When your network is suffering from bufferbloat, the latency will spike, causing noticeable delays, or “lag.” Severe bufferbloat will affect your performance against the other players and your enjoyment of the game. Despite this impact, many routers that advertise themselves as “gaming routers” lack the critical feature to address bufferbloat.
-
How do you determine which services will work well on my connection?
You can use the following criteria to determine if a particular service will work on your Internet connection. (This is just a general guideline).
-
Web Browsing:
-
Download speed > 2 Mbps
-
Upload speed > 100 Kbps
-
Latency < 500 ms
-
-
Audio Calls:
-
Download speed > 100 Kbps
-
Upload speed > 100 Kbps
-
95th Percentile Latency < 400 ms
-
-
4K Video Streaming:
-
Download speed > 25 Mbps
-
-
Video Conferencing:
-
Download speed > 10 Mbps
-
Upload speed > 5 Mbps
-
95th Percentile Latency < 400 ms
-
-
Low Latency Gaming:
-
Download speed > 10 Mbps
-
Upload speed > 3 Mbps
-
95th Percentile Latency < 40 ms
-
Source: https://docs.netgate.com/pfsense/en/latest/recipes/codel-limiters.html
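An added example (not Netgate's code or the test site's) that turns round-trip-time samples into the numbers above: p95 latency, jitter, the latency added under load, and which of the listed services the link still satisfies. The RTT samples are constructed, the grade bands are an assumption modelled on a typical test site's scale, and the plain "Latency" criterion for web browsing is treated as a p95 value.

```python
"""Score a connection the way a bufferbloat test does: compare latency while idle
against latency under load, compute jitter and the 95th-percentile latency, and
check the result against the service criteria listed above."""
import math

# Constructed samples (ms): the same link idle, then saturated by a large download.
IDLE_RTT_MS = [20, 22, 21, 23, 20, 21, 22, 20, 21, 22]
LOADED_RTT_MS = [20, 120, 260, 340, 410, 390, 450, 430, 470, 440]

# Thresholds from the criteria above (Mbit/s and ms); 4K streaming lists no upload or latency figure.
CRITERIA = {
    "Web Browsing":       {"down": 2.0,  "up": 0.1, "p95": 500},
    "Audio Calls":        {"down": 0.1,  "up": 0.1, "p95": 400},
    "4K Video Streaming": {"down": 25.0, "up": 0.0, "p95": None},
    "Video Conferencing": {"down": 10.0, "up": 5.0, "p95": 400},
    "Low Latency Gaming": {"down": 10.0, "up": 3.0, "p95": 40},
}


def percentile(samples, pct):
    """Nearest-rank percentile, which is what 'p95' means on most test sites."""
    ordered = sorted(samples)
    rank = max(1, math.ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]


def jitter(samples):
    """Mean absolute change between consecutive RTTs (a simple jitter definition)."""
    return sum(abs(b - a) for a, b in zip(samples, samples[1:])) / (len(samples) - 1)


def bufferbloat_added_latency(idle, loaded):
    """Extra p95 latency induced by load: the number a bufferbloat test grades on."""
    return percentile(loaded, 95) - percentile(idle, 95)


def bufferbloat_grade(added_ms):
    """Assumed bands, modelled on a common test site's scale."""
    for limit, grade in ((5, "A+"), (30, "A"), (60, "B"), (200, "C"), (400, "D")):
        if added_ms < limit:
            return grade
    return "F"


def services_that_fit(down_mbps, up_mbps, p95_ms):
    """Names of services whose bandwidth and p95 latency criteria are all met."""
    ok = []
    for name, c in CRITERIA.items():
        if not (down_mbps > c["down"] and up_mbps > c["up"]):
            continue
        if c["p95"] is not None and not p95_ms < c["p95"]:
            continue
        ok.append(name)
    return ok


def report(idle, loaded, down_mbps, up_mbps):
    """Everything a before/after comparison of the limiters needs, in one dict."""
    added = bufferbloat_added_latency(idle, loaded)
    return {
        "idle_p95_ms": percentile(idle, 95),
        "loaded_p95_ms": percentile(loaded, 95),
        "idle_jitter_ms": round(jitter(idle), 1),
        "loaded_jitter_ms": round(jitter(loaded), 1),
        "added_latency_ms": added,
        "grade": bufferbloat_grade(added),
        "usable_under_load": services_that_fit(down_mbps, up_mbps, percentile(loaded, 95)),
    }


if __name__ == "__main__":
    # 95/20 Mbit/s link, as in the limiter example above.
    for key, value in report(IDLE_RTT_MS, LOADED_RTT_MS, 95, 20).items():
        print(f"{key:20}: {value}")
```

Run it once with samples collected before enabling the limiters and once after: the idle numbers should barely move, while the loaded p95 and added latency should collapse toward the idle values if FQ_CODEL is doing its job.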
pfSense | DNS over TLS | DNS Resolver
Configuring DNS over TLS
-
This prevents intermediate parties from viewing the content of DNS queries and can also assure that DNS is being provided by the expected DNS servers
-
This feature is only supported by the DNS Resolver
-
Navigate to System > General Setup
-
Locate the DNS Server Settings Section
-
Add or replace entries in the DNS Servers section such that only the chosen DNS over TLS servers are in the list
-
Address: (e.g. 1.1.1.1) IP address of an upstream DNS Server providing DNS over TLS service
-
Hostname: (e.g. cloudflare-dns.com) Hostname of the same upstream DNS Server in the Address field, used for TLS certificate validation
-
-
DNS Server Override: Uncheck "Allow DNS server list to be overridden by DHCP/PPP on WAN" (This could add DNS servers to the configuration which do not support DNS over TLS)
-
DNS Resolution Behavior: Set "Use local DNS (127.0.0.1), ignore remote DNS Servers" (This makes the firewall itself use only the DNS Resolver and it will not attempt to contact the DNS servers directly. This prevents DNS requests from the firewall being leaked unencrypted on port 53 if the resolver is temporarily unavailable (DNS Resolution Behavior))
-
Click Save
Warning: About Hostname - The hostname is technically optional but dangerous to omit. The DNS Resolver must have the hostname to validate that the correct server is providing a given response. The response is still encrypted without the hostname, but the DNS Resolver has no way to validate the response to determine if the query was intercepted and answered by a third party server (Man-in-the-Middle attack).
Enable DNS over TLS for Forwarded Queries
-
Configure the DNS Resolver to use DNS over TLS for outgoing queries
-
The DNS Resolver will now send queries to all upstream forwarding DNS servers using SSL/TLS on the default port of 853
-
Navigate to Services -> DNS Resolver
-
Enable DNSSEC Support: Uncheck (DNSSEC is not generally compatible with forwarding mode, with or without DNS over TLS)
-
Enable Forwarding Mode: Check
-
Use SSL/TLS for outgoing DNS Queries to Forwarding Servers: Check
-
-
Click Save
-
Click Apply Changes
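An added example (not unbound's or pfSense's code) of the exchange the DNS Resolver performs in forwarding mode: one DNS-over-TLS query on port 853. dot_context() shows the difference the Hostname field makes: with a hostname the upstream's certificate chain and name are validated, without one the session is encrypted but any server holding any certificate could answer. build_response() constructs the sample answer used offline; the live call at the bottom needs network access.

```python
"""Issue a DNS-over-TLS query the way the DNS Resolver does in forwarding mode,
with and without the hostname that makes the upstream's certificate checkable."""
import socket
import ssl
import struct

DOT_PORT = 853
QUERY_ID = 0x1234


def build_query(name, qtype=1, txid=QUERY_ID):
    """RFC 1035 wire-format query (type A by default) with the RD flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def build_response(name, ipv4s, txid=QUERY_ID):
    """Constructed answer for the query above; used here as offline sample data."""
    question = build_query(name, txid=txid)[12:]
    answers = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
                       for ip in ipv4s)          # 0xC00C: pointer to the question name
    return struct.pack("!HHHHHH", txid, 0x8180, 1, len(ipv4s), 0, 0) + question + answers


def parse_a_records(resp):
    """Return (txid, [IPv4 strings]); tolerates compression pointers in names."""
    txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])

    def skip_name(p):
        while True:
            length = resp[p]
            if length == 0:
                return p + 1
            if length & 0xC0 == 0xC0:
                return p + 2
            p += length + 1

    pos = 12
    for _ in range(qd):
        pos = skip_name(pos) + 4
    ips = []
    for _ in range(an):
        pos = skip_name(pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(resp[pos:pos + 4]))
        pos += rdlen
    return txid, ips


def dot_context(server_hostname):
    """Hostname given: chain and name validation, like the pfSense Hostname field filled in.
    No hostname: nothing to validate against, the 'encrypted but interceptable' state."""
    ctx = ssl.create_default_context()
    if server_hostname is None:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def validates_peer(ctx):
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("short DoT response")
        buf += chunk
    return buf


def dot_query(server_ip, server_hostname, name, port=DOT_PORT, timeout=5.0):
    """RFC 7858: TLS on 853, each DNS message prefixed by a 2-byte big-endian length."""
    query = build_query(name)
    ctx = dot_context(server_hostname)
    with socket.create_connection((server_ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_hostname) as tls:
            tls.sendall(struct.pack("!H", len(query)) + query)
            (rlen,) = struct.unpack("!H", _recv_exact(tls, 2))
            resp = _recv_exact(tls, rlen)
    txid, ips = parse_a_records(resp)
    if txid != QUERY_ID:
        raise ValueError("transaction id mismatch")
    return ips


if __name__ == "__main__":
    # Live check against the upstream used in the steps above (needs network access):
    print(dot_query("1.1.1.1", "cloudflare-dns.com", "example.com"))
```

Calling dot_query("1.1.1.1", None, "example.com") still returns an answer, which is exactly the problem the warning describes: the lookup succeeds, and nothing tells you whether 1.1.1.1 or a box in the path produced it.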
Warning (Caveats):
-
Blocking External Client DNS Queries: Clients can make their own connections to DNS over TLS servers, so block them on TCP/UDP ports 53 and 853 to ensure they only query the DNS Resolver
-
Redirecting Client DNS Requests: Redirecting DNS over TLS queries to the DNS Resolver may or may not work, depending on the clients. Setup the DNS over TLS server and add port forward redirects for TCP/UDP ports 53 and 853 to redirect DNS queries to the firewall
Redirecting Client DNS Requests
-
To restrict client DNS to only the DNS Resolver or Forwarder on pfSense® software, use a port forward to capture all client DNS requests.
-
With this port forward in place, DNS requests from local clients to any external IP address will result in the query being answered by the firewall itself. Access to other DNS servers on port 53 is impossible.
Tip: This can be adapted to allow access to only a specific set of DNS servers by changing the Destination network from “LAN Address” to an alias containing the allowed DNS servers. The Invert match box should remain checked.
Warning: Either the DNS Resolver or the DNS Forwarder must be active, and it must bind to and answer queries on Localhost or All interfaces.
The following example uses the LAN interface but the same technique will work with any local interface.
-
Navigate to Firewall > NAT, Port Forward tab
-
Click Add to create a new rule
-
Fill in the following fields on the port forward rule:
-
Interface: LAN
-
Protocol: TCP/UDP
-
Destination: Invert Match checked, LAN Address
-
Destination Port Range: DNS (53)
-
Redirect Target IP: 127.0.0.1
-
Redirect Target Port: DNS (53)
-
Description: Redirect DNS
-
NAT Reflection: Disable
-
Warning: Clients using DNS over TLS or DNS over HTTPS could circumvent this protection. Redirecting or blocking port 853 may help with DNS over TLS, depending on the clients. (See "Blocking External Client DNS Queries" for additional advice)
Blocking External Client DNS Queries
This procedure configures the firewall to block DNS requests from local clients to servers outside the local network. With no other accessible DNS servers, clients are forced to send DNS requests to the DNS Resolver or DNS Forwarder on pfSense® software for resolution.
Warning: If DNS requests to other DNS servers are blocked, such as by following Blocking External Client DNS Queries, ensure the rule to pass DNS to 127.0.0.1 is above any rule that blocks DNS.
-
Navigate to Firewall > Rules, LAN tab
-
Create the block rule as the first rule in the list:
-
Click Add to create a new rule at the top of the list
-
Fill in the following fields on the rule:
-
Action: Reject
-
Interface: LAN
-
Protocol: TCP/UDP
-
Destination: Any
-
Destination Port Range: DNS (53)
-
Description: Block DNS to Everything Else
-
-
Create the pass rule to allow DNS to the firewall, above the block rule:
-
Click Add to create a new rule at the top of the list
-
Fill in the following fields on the rule:
-
Action: Pass
-
Interface: LAN
-
Protocol: TCP/UDP
-
Destination: LAN Address
-
Destination Port Range: DNS (53)
-
Description: Pass DNS to the Firewall
-
-
Click Apply Changes to reload the ruleset
Warning: When complete, there will be two rule entries, and the pass rule should be above the block rule.
Blocking External Client DNS Queries | DNS over TLS
Another concern is that clients could use DNS over TLS to resolve hosts. DNS over TLS sends DNS requests over an encrypted channel on an alternate port, 853.
This traffic can be blocked with a firewall rule for port 853 using the same procedure used for 53. Though if the firewall will not be providing DNS over TLS service to clients, do not add the pass rule.
Blocking External Client DNS Queries | DNS over HTTPS
-
Similar to DNS over TLS, clients may also use DNS over HTTPS (DoH). This is harder to block as it uses port 443. Blocking port 443 on common public DNS servers may help (e.g. 1.1.1.1, 8.8.8.8).
-
Some browsers automatically attempt to use DNS over HTTPS because they believe it to be more secure and better for privacy, though that is not always the case. Each browser may have its own methods of disabling this feature. Firefox uses a “canary” domain use-application-dns.net by default if the user has not manually enabled DNS over HTTPS. If Firefox cannot resolve this name, Firefox disables DNS over HTTPS.
To prevent Firefox from using DNS over HTTPS, add the following to the DNS Resolver custom options:
server:
local-zone: "use-application-dns.net" always_nxdomain
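An added example (a constructed model, not a pf ruleset parser) that evaluates the LAN rules above top-down, first match wins, against sample client flows. It shows why the pass rule must sit above the block rule, and that a DoH resolver not in the alias still gets through on 443. The LAN address 192.168.1.1 and the alias contents are assumptions.

```python
"""First-match evaluation of the LAN DNS rules described above, so the ordering
warnings can be checked before clicking Apply."""
import ipaddress

LAN_ADDRESS = ipaddress.ip_address("192.168.1.1")     # assumed LAN address
PUBLIC_DOH_RESOLVERS = {"1.1.1.1", "8.8.8.8"}          # alias for the DoH block on 443


def rule(action, dst, port, desc):
    return {"action": action, "dst": dst, "port": port, "desc": desc}


# Order matters: pfSense interface rules are evaluated top-down and the first match wins.
LAN_RULES = [
    rule("pass",   "lan_address", 53,   "Pass DNS to the Firewall"),
    rule("reject", "any",         53,   "Block DNS to Everything Else"),
    rule("reject", "any",         853,  "Block DNS over TLS"),
    rule("reject", "doh_alias",   443,  "Block DoH to known public resolvers"),
    rule("pass",   "any",         None, "Default allow LAN to any"),
]


def _dst_matches(rule_dst, dst_ip):
    ip = ipaddress.ip_address(dst_ip)
    if rule_dst == "any":
        return True
    if rule_dst == "lan_address":
        return ip == LAN_ADDRESS
    if rule_dst == "doh_alias":
        return str(ip) in PUBLIC_DOH_RESOLVERS
    raise ValueError(f"unknown destination spec {rule_dst!r}")


def first_match(rules, dst_ip, dst_port):
    """(action, description) of the first rule matching the flow, else the implicit deny."""
    for r in rules:
        if _dst_matches(r["dst"], dst_ip) and (r["port"] is None or r["port"] == dst_port):
            return r["action"], r["desc"]
    return "reject", "implicit default deny"


def evaluate(rules, flows):
    """flows: list of (description, dst_ip, dst_port) -> {description: action}."""
    return {desc: first_match(rules, ip, port)[0] for desc, ip, port in flows}


# Constructed client flows (TCP/UDP destinations as seen from the LAN).
SAMPLE_FLOWS = [
    ("client -> firewall resolver",      str(LAN_ADDRESS), 53),
    ("client -> 8.8.8.8 plain DNS",      "8.8.8.8", 53),
    ("client -> 1.1.1.1 DNS over TLS",   "1.1.1.1", 853),
    ("client -> 1.1.1.1 DNS over HTTPS", "1.1.1.1", 443),
    ("client -> unlisted DoH on 443",    "203.0.113.5", 443),
    ("client -> ordinary HTTPS site",    "198.51.100.7", 443),
]


def misordered(rules):
    """The same rules with the block above the pass: the mistake the warning describes."""
    swapped = list(rules)
    swapped[0], swapped[1] = swapped[1], swapped[0]
    return swapped


if __name__ == "__main__":
    for desc, action in evaluate(LAN_RULES, SAMPLE_FLOWS).items():
        print(f"{action:7} {desc}")
    print("misordered:", evaluate(misordered(LAN_RULES), SAMPLE_FLOWS)["client -> firewall resolver"])
```

The "unlisted DoH" flow passing is the gap the text points out: an IP-based block only covers resolvers you know about, so the Firefox canary entry and client-side policy remain necessary.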
pfSense | DNS Setup
System → General Settings -> DNS Server Settings
Firewall Logs | Messages
WPAD | Web Proxy Auto-Discovery
Web Proxy Auto-Discovery (WPAD) gives organizations a way to configure a proxy server on client systems automatically.
The organization publishes a WPAD configuration file in a standard location; a system with WPAD enabled that finds it applies the proxy settings prescribed in that file. Because the client trusts whoever answers the WPAD lookup (via DHCP or name resolution), leaving it enabled on untrusted networks lets another host on that network push a proxy of its choice.
On Windows, automatic proxy detection (WPAD) is enabled by default.
-
WPAD On | Windows | Settings > Network & Internet > Proxy > Automatic Proxy Setup > On
-
WPAD Off | Windows | Settings > Network & Internet > Proxy > Automatic Proxy Setup > Off
References: Palo Alto Networks (www.paloaltonetworks.com); Wikipedia (www.wikipedia.org); Google (www.google.com); Oracle (www.oracle.com); Raspberry Pi (www.raspberrypi.org); Microsoft (www.microsoft.com); Cloudflare (www.cloudflare.com); NordVPN (nordvpn.com)