PF Firewall Rules
-
You're approaching this the wrong way. Try the following steps:
- Identify how your box was "hacked"
- Fix that problem
If you're forwarding, say, port 80 and you've got a terribly insecure Apache configuration, then changing the firewall won't help.
-
I have no idea how my box was hacked, but I only allow port 80 (in & out) and IRC software.
I also need to monitor port 53 (UDP) and add a SYN proxy to this port.
Before this, I was using iptables on Fedora 7 but still got hacked.
Thanks for your help.
Your help is greatly appreciated by me and others.
-
I learn iptables by example. Therefore, I really hope you can guide me.
-
… allow the port 80 (in & out) and IRC software....
.... i using iptables from Fedora 7 ...
.... i learn iptables ....
.... and before: Linksys Router (Linux based device)... All these issues aren't really related to pfSense, now are they?
pfSense should be your router/firewall/gateway/DHCP server. It works well if you don't take it out of its default setup. Ask yourself the question: WHY is your system being hacked?
Log incoming connections (a simple iptables rule on your Fedora box; you could do the same on your pfSense box).
You know who it is, and soon: why.
-
I have no idea how my box was hacked, but I only allow port 80 (in & out) and IRC software.
You still haven't said what was done, but I'm guessing you had a vulnerability in either your web server or a CGI script. Changing the firewall won't help there.
-
I don't have any web server or CGI script.
How do I log incoming connections in pfSense? This is a home network.
-
I don't have any web server or CGI script.
Hmmm, earlier you said:
I have no idea how my box was hacked, but I only allow port 80 (in & out) and IRC software.
So, if you don't run a web server, why were you allowing 80 inbound?
As for how to log connections: tick the box in the firewall rule you want to log.
-
Thanks. I just want to surf the internet and have MSN and Skype connections only; other than that, block inbound.
Keep state on the UDP 53 connection. If not established, block it.
Source tracking as well. Please, can you give me the rules? I want to learn from examples. I am an IT student from Malaysia.
A billion thanks to you.
Thanks.
-
All modern firewalls, such as the one pfSense uses, are stateful. This means you only have to allow the traffic in one direction.
So, leave the default block rule on the WAN alone and create rules on the LAN side allowing outbound traffic (or leave the default pass-all rule alone). The documentation for pf (the firewall software used in pfSense) can be found at http://www.openbsd.org/faq/pf/.
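An added example, not from the thread and not pfSense's generated ruleset: a pf.conf for a home gateway that puts the last reply's advice (block on WAN, stateful pass on LAN) and the poster's requests (logging of inbound WAN traffic, stateful UDP/53, source tracking, a SYN proxy) into pf syntax. It uses the classic nat/rdr dialect that FreeBSD's pf, and therefore pfSense, understood at the time (OpenBSD 4.7 and later use match/nat-to instead). The interface names em0/em1, the LAN subnet and the web_srv address are assumptions. One caveat the thread does not spell out: synproxy state is a TCP-only mechanism, so it cannot be applied to UDP/53; DNS gets a stateful rule with per-source limits instead, and the synproxy rule is shown on a TCP service.

```pf
# Added example (not from the thread or pfSense). Interface names, the LAN
# subnet and the web_srv address are assumptions; adjust before loading.
wan     = "em0"
lan     = "em1"
lan_net = "192.168.1.0/24"
web_srv = "192.168.1.10"          # only used by the optional synproxy rule

# Sources that trip the source-tracking limits below are added to this table.
table <abusers> persist

set skip on lo0

# Reassemble fragments so the rules (and the hosts behind them) see whole packets.
scrub in all

# Masquerade the LAN behind the WAN address: the gateway role from the thread.
nat on $wan from $lan_net to any -> ($wan)

# Default policy: block everything, and log what hits the WAN so you can see
# later who is probing you (the entries show up on the pflog0 interface).
block all
block in log on $wan

# Drop spoofed sources and known abusers before any pass rule is considered.
antispoof quick for { lo0 $lan }
block in quick on $wan from <abusers> to any

# Stateful outbound access for the LAN. Replies come back through the state
# table, so no matching inbound WAN rule is needed (the last reply's point).
pass in  on $lan from $lan_net to any keep state
pass out on $wan from any to any keep state

# DNS (UDP/53) from the LAN: an answer is only accepted when a query created
# the state, and per-source limits stop one machine filling the state table.
# pf uses last-matching-rule semantics, so for port 53 this rule wins over
# the general LAN rule above.
pass in on $lan proto udp from $lan_net to any port 53 \
    keep state (max-src-states 50, source-track rule)

# Optional: only if you intentionally host a TCP service (the thread's advice
# is not to). synproxy is TCP-only: pf completes the handshake itself and
# only then connects to web_srv, so half-open SYN floods never reach it.
# Sources exceeding the limits go into <abusers> and have their states flushed.
rdr on $wan proto tcp from any to ($wan) port 80 -> $web_srv
pass in on $wan proto tcp from any to $web_srv port 80 flags S/SA \
    synproxy state (max-src-conn 30, max-src-conn-rate 15/5, overload <abusers> flush global)
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`. `tcpdump -n -e -ttt -i pflog0` shows the logged WAN drops, `pfctl -ss` shows the state table (a DNS state exists only while a query is outstanding), and `pfctl -t abusers -T show` lists the sources that hit the limits. On pfSense itself you do not edit pf.conf by hand: the GUI generates equivalent rules, and the Log checkbox on a rule corresponds to the `log` keyword here.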