Setup Still Relevant? Hell YES!
-
I have had my pfSense machine up and running now since October of last year. Now, I shall fine-tune, as the system should have learned my moves or states. I have Snort, pfBlockerNG, Suricata and Squid's ClamAV Antivirus packages running as well. I have been reading this thread: https://forum.pfsense.org/index.php?topic=78062.0 hoping to use it as a guide in helping me to fine-tune; however, I wondered whether it's relevant today in the sense that all packages have evolved and lots of the scripts have been included in the offerings now.
Things that seem relevant are the firewall aliases and rules; however, it's lots of reading and one can get lost easily in some of the steps. So, how would you approach using that guide today since it was originally for 2014? Hints would be appreciated. My only addition to the firewall other than default is forced DNS to pfSense via OpenDNS (https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers).
For the packages installed, I followed what Lawrence Systems posted to YouTube.
-
So, I swallowed the pill. I began setting up as directed... I ran into the floating rule blocking everything... but I like how it works; so, instead of any direction, I set inbound. Later, I read I wasn't alone in experiencing it blocking everything.
So, now I am going through the entire thread... I still have not implemented any script nor installed Cron because I noticed while booting my machine that Cron started... there is no service though.
I hope BBcan177 will chime in because pfBlockerNG has a wide range of IP lists already. I am glad I saw his suggestion to log the floating rule. I am currently on page 9... long way to go.
-
Okay, I read through the entire thread... one doesn't need to implement all those scripts, as one can use the custom DNSBL Feed rules in pfBlockerNG... really grateful to BBcan177.
I also changed the firewall floating rule to block with the quick set checked, interface: WAN, direction: any, family address: IPv4+IPv6, protocol: TCP, source: any, destination: any, destination port range: other, then from the WebGUI to the WebGUI.
I also added a second firewall floating rule to block with the quick set checked, interface: WAN, direction: in, family address: IPv4+IPv6, protocol: TCP, source: any, destination: any, destination port range: other, then from outgoing privilege ports to outgoing privilege ports.
Extremely grateful to jflsakfja as well; thank you, and I wish you all the best.