Netgate Discussion Forum

    Only allow RDP from Australia (NOOB)

    pfBlockerNG
McMurphy

      Hi all,

      Our internet-facing RDP server is continually tested from all over and I would like to restrict the connections to Australia only.

      I understand pfBlockerNG is the tool to do this and I have installed the package; however, I am at a loss as to how to get started.

      I have read that the best way to achieve this would be to whitelist Australia as opposed to blacklisting other countries.

      Any assistance would be greatly appreciated.

      Thanks in advance…

      Derelict (Netgate)

        Use OpenVPN.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        McMurphy

          Hi Derelict and thanks for the reply.

          We had looked at this option; however, after much research we wish to stick with RDP at this point.

          javcasta

            Hi

            You can get the IPv4 network/subnet list for AU (Australia) here:
            https://www.iblocklist.com/list?list=au
            http://list.iblocklist.com/?list=au&fileformat=p2p&archiveformat=gz

            Parse the list from:

            Australia:1.0.0.0-1.0.0.255
            Australia:1.0.4.0-1.0.7.255
            Australia:1.1.1.0-1.1.1.255
            Australia:1.2.3.0-1.2.3.255
            ...

            to

            1.0.0.0-1.0.0.255
            1.0.4.0-1.0.7.255
            1.1.1.0-1.1.1.255
            1.2.3.0-1.2.3.255
            ...

            Create an alias with the IMPORT tool: https://YOUR-PFSENSE/firewall_aliases_import.php?tab=ip

            Paste the list into Aliases to import, and save it.

            Then create an allow rule on WAN with this alias as the source, destination LAN net, destination port TCP 3389 (for standard RDP), and create a NAT port forwarding rule targeting the RDP server.

            But... the safest, as Derelict said, is to use a VPN.

            Regards

            Javier Castañón
            Communications, support and systems technician.

            My website: https://javcasta.com/

            Scripting/pfSense support: https://javcasta.com/soporte/
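The range-to-alias conversion described in the reply above, written out as an added Python example (it is not code from the post, from pfSense or from pfBlockerNG). It reads the iblocklist p2p format, either as plain text or as the gzip archive the second URL serves, summarises each START-END range into CIDR networks, emits the text to paste into the alias importer, and checks whether a given source address would match a rule whose source is that alias. The sample lines are the four shown in the post; the probe addresses and the helper names are my own.

```python
import gzip
import io
import ipaddress

# Constructed sample in iblocklist "p2p" format, copied from the lines shown
# in the post above. A real download of the second URL is gzip-compressed.
SAMPLE_P2P = b"""# iblocklist AU sample (constructed for this example)
Australia:1.0.0.0-1.0.0.255
Australia:1.0.4.0-1.0.7.255
Australia:1.1.1.0-1.1.1.255
Australia:1.2.3.0-1.2.3.255
"""


def parse_p2p(data: bytes):
    """Yield (start, end) IPv4 address pairs from iblocklist p2p text.

    Lines look like 'Label:START-END'. The label may itself contain ':',
    so split on the last one. Blank lines and '#' comments are skipped.
    """
    text = data.decode("utf-8", errors="replace")
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        _label, _, rng = line.rpartition(":")
        start, _, end = rng.partition("-")
        yield (ipaddress.IPv4Address(start.strip()),
               ipaddress.IPv4Address(end.strip()))


def ranges_to_networks(pairs):
    """Convert START-END ranges to the minimal list of CIDR networks.

    The pfSense importer also accepts ranges, but CIDRs are what end up in
    the pf table, and summarising here makes the result easy to review.
    """
    nets = []
    for start, end in pairs:
        nets.extend(ipaddress.summarize_address_range(start, end))
    return nets


def alias_import_text(nets):
    """Text to paste into firewall_aliases_import.php (one entry per line)."""
    return "\n".join(str(n) for n in nets) + "\n"


def load_list(blob: bytes):
    """Accept either the raw text or the gzip archive the list URL serves."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic number
        blob = gzip.GzipFile(fileobj=io.BytesIO(blob)).read()
    return ranges_to_networks(parse_p2p(blob))


def is_permitted(src: str, nets) -> bool:
    """Would a connection from src match a pass rule whose source is the alias?"""
    addr = ipaddress.ip_address(src)
    return any(addr in n for n in nets)


if __name__ == "__main__":
    nets = load_list(SAMPLE_P2P)
    print(alias_import_text(nets), end="")
    for probe in ("1.0.5.77", "1.1.1.1", "1.0.1.1"):  # constructed probes
        print(probe, "permitted" if is_permitted(probe, nets) else "blocked")
```

`is_permitted` is the quick pre-flight check for "would this client still get in" before the rule goes live. The full AU feed is large and changes, so a one-off paste is a snapshot; the pfBlockerNG country list discussed later in the thread keeps itself updated.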

              McMurphy

              Hi Javcasta,

              I understood pfBlockerNG contains lists of countries, so I can simply select Australia and whitelist it for RDP?

                javcasta

                Hi

                Yes, you are right. I forgot this is a pfBlockerNG subforum :)

                In List Action, set Permit Both at Firewall > pfBlockerNG > Oceania, and select AU.

                Regards

                Javier Castañón

                  javcasta

                  Hi.
                  (added) Do not edit the floating rule.
                  ~~Another thing. Maybe you need to edit the floating pfBlockerNG rule for "permit both" Australia.

                  And change:

                  Protocol: any => tcp

                  Destination: LAN net (or only the RDP server, as you like)
                  Destination port range: Custom: 3389 (the RDP port)~~
                  Regards

                  Javier Castañón

                    McMurphy

                    Hi Javcasta and thank you again.

                    Can I clarify the following please:

                    As this is for incoming RDP do I use "Permit Both" or just "Permit Inbound" ? I would have thought inbound only…

                    When I specify my destination being the terminal server is this what is labeled "custom destination" ?

                    In my firewall rules I have the original RDP rule forwarding to the terminal server. Does my new pfblockerng rule replace this old rule or do they work in combination with each other?

                    Thanks again...

                      javcasta

                      Hi.

                      OK, I see now. Do not edit the floating rule (sorry :) ).
                      Set pfBlockerNG to "Permit Inbound" for Australia; Both is not necessary.
                      As you already have the NAT port forwarding rule, I suppose one rule was automatically created (along with the NAT) on the LAN to allow access from WAN to TCP port 3389 on the RDP server, and on WAN the pfBlockerNG floating rule permits traffic from Australia. And the default (last) rule on WAN blocks the rest.

                      Regards

                      Javier Castañón
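A caveat on the rule ordering in the reply above, as an added example that is not part of the thread or of pfSense. pfSense evaluates floating rules before interface rules and the first matching rule wins, so a pfBlockerNG "Permit Inbound" rule only adds a pass for Australian sources; it does not take away the pass that the port forward's associated WAN rule gives to everyone else while that rule's source is left at "any". The Python model below is my own simplification (two constructed rulesets, four constructed AU CIDRs standing in for the real feed, protocol ignored, the internal RDP server not modelled) and shows a non-Australian address reaching 3389 in the setup as described, and being dropped once the port-forward rule's own source is the pfBlockerNG alias.

```python
import ipaddress

# Constructed stand-in for the pfBlockerNG AU alias: a few of the CIDRs the
# iblocklist AU feed produces. Not the real, full list.
PFB_AU = [ipaddress.ip_network(c)
          for c in ("1.0.0.0/24", "1.0.4.0/22", "1.1.1.0/24", "1.2.3.0/24")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]


def first_match(rules, src, dport):
    """First-match evaluation, as pfSense does for its 'quick' rules.

    A rule is (action, source networks, destination port or None for any).
    Floating rules come first in the list because pfSense processes them
    before interface rules. No rule matching means the implicit default
    deny at the end of the WAN ruleset.
    """
    addr = ipaddress.ip_address(src)
    for action, srcs, port in rules:
        if port in (None, dport) and any(addr in n for n in srcs):
            return action
    return "block"


# Ruleset as described in the thread: the pfBlockerNG "Permit Inbound"
# floating rule for AU (protocol any, destination any), followed by the WAN
# rule the NAT port forward added, whose source is "any" by default.
AS_DESCRIBED = [
    ("pass", PFB_AU, None),   # pfBlockerNG AU floating permit rule
    ("pass", ANY, 3389),      # associated WAN rule of the port forward
]

# Hardened variant: the port forward's WAN rule uses the pfBlockerNG alias
# as its source, and no blanket floating permit exists, so anything that is
# not Australian falls through to the default block.
HARDENED = [
    ("pass", PFB_AU, 3389),   # port-forward rule, source = AU alias
]


def check(src, rules=AS_DESCRIBED, dport=3389):
    """Verdict for a connection from src to the RDP port under a ruleset."""
    return first_match(rules, src, dport)


if __name__ == "__main__":
    for src in ("1.1.1.1", "203.0.113.7"):  # constructed AU / non-AU probes
        print(src, "as described:", check(src),
              "hardened:", check(src, HARDENED))
```

The second probe is the point: with the rules as described, 203.0.113.7 (not in the alias) still reaches 3389 through the port forward's own pass rule. The other effect the model shows is that the "protocol any, destination any" permit rule passes every port from Australian addresses, which is what the struck-through suggestion to narrow it to TCP 3389 was about. The fix that needs no floating-rule edits is to put the pfBlockerNG alias in the source field of the port-forward rule itself; in pf, the alias is simply a table, and a source restriction on the pass rule is the only thing that actually narrows who gets in.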

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.