How to secure pfSense system?

General pfSense Questions
securityconcerned:

How to secure pfSense system? My network will only be as secure as how I configure the firewall and how secure the pfSense system is (assuming I'm using pfSense as firewall).

But how can I secure pfSense? Does pfSense have any back doors? How can I verify it doesn't? Configuring the pfSense firewall through the web GUI from another system seems to compromise the pfSense firewall, because the other system might have a back door or malware.

Hardware-wise, how can I mitigate hardware back doors in processors from Intel or AMD?
Gertjan:

All these questions boil down to one simple answer: build your own hardware. Develop your own software. Done.
And also: do not connect to networks that you do not trust (like the Internet) and do not accept devices that you do not trust (your own networks).

Or learn what routers / firewalls actually do. This technology has been downgraded from "rocket science" to "your basic daily need-to-know knowledge" since the seventies (last century). Also: the Internet talks a (an awful) lot about this stuff. This enables you to eliminate these questions also, because you can easily check what comes in and goes out. This is a standard 'network admin' requirement btw, just as you can't drive a car without - at least - a license that says you did follow some 'education' to do so.
Because, as without the license, the big and foremost danger ... will be you.

Btw: backdoors .... while hundreds of thousands are using it .... If that was so - and I admit that I can't be sure for 100 % - Netgate might as well pull the economical bulletin through its head.

No "help me" PM's please. Use the forum, the community will thank you.
Edit: and where are the logs ??
stephenw10 (Netgate Administrator):

Configure it to allow the traffic you need and only that.
https://docs.netgate.com/pfsense/en/latest/book/firewall/firewall-rule-best-practices.html

It doesn't have a back door, but you can review the code yourself to be sure:
https://github.com/pfsense

Set up a management station to configure it from. Use it for nothing else. Run live Linux.

Use something running open-source firmware like Coreboot.

Not much more you can do.

Steve
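As an added example (not from this thread, Netgate's docs or pfSense's own generated rules) of the two points above, "allow only the traffic you need" and "a dedicated management station", here is a minimal default-deny ruleset in FreeBSD pf syntax where the firewall's webGUI and SSH are reachable only from one management host. Interface names, addresses and the GUI port are assumptions.

```pf
# Assumed interfaces and hosts (constructed for this example).
ext_if    = "em0"            # WAN
int_if    = "em1"            # LAN
mgmt_host = "192.168.1.10"   # management station, used for nothing else
gui_port  = "443"            # webGUI listener

set skip on lo0
set block-policy drop

# Translation rules must precede filter rules on FreeBSD pf.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Default deny in both directions and log it; every rule below is an
# explicit, reviewable exception.
block log all

# Drop packets whose source address cannot legitimately arrive on that
# interface, and private-range sources arriving from the Internet.
antispoof quick for { $ext_if, $int_if }
block in quick on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } to any

# Management plane: only the management station may reach the admin ports.
pass in quick on $int_if proto tcp from $mgmt_host to ($int_if) \
    port { $gui_port, 22 } flags S/SA keep state
# Any other LAN host trying the admin ports is logged and dropped.
block in log quick on $int_if proto tcp from any to ($int_if) port { $gui_port, 22 }

# LAN services the firewall itself provides: DNS and DHCP.
pass in on $int_if proto { tcp, udp } from $int_if:network to ($int_if) port 53 keep state
pass in on $int_if proto udp from any port 68 to any port 67
pass out on $int_if proto udp from any port 67 to any port 68

# LAN clients: only web and NTP outbound.
pass in on $int_if proto tcp from $int_if:network to any port { 80, 443 } flags S/SA keep state
pass in on $int_if proto udp from $int_if:network to any port 123 keep state

# Outbound on the WAN. Because NAT has already rewritten the source, this one
# rule covers both forwarded LAN traffic and the firewall's own updates,
# DNS and NTP, and nothing else.
pass out on $ext_if proto { tcp, udp } from ($ext_if) to any port { 53, 80, 123, 443 } keep state
```

On pfSense the same policy is expressed as GUI firewall rules; it is written out in pf.conf form here so that the default deny and the rule ordering are visible in one place.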
NollipfSense (replying to @securityconcerned):

@securityconcerned Your "security concerned" name and questions imply troll.

pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.
stephenw10 (Netgate Administrator):

Also see: https://www.reddit.com/r/PFSENSE/comments/f79pmv/how_to_secure_pfsense_system/
Gertjan:

Probably several trolls indeed.
We're close to the main 'moral of life' questions here.

Do not worry about stuff you don't know about. Life becomes impossible if you do.
"Do not use what you don't understand" is also a practical solution (no joke intended here).
But .... stuff like PHP is 'mastered' these days by 'less than 10 year olds'. And few of them finished Harvard or something like that to do so.
So, want to read and understand (because you don't trust the translator) Chinese? Learn Chinese!

Great.
It's Friday and I'm also trolling .... not good.

PS: @stephenw10; why GitHub? I have a local live and working copy: I can actually "see" that it is doing what it should do - and test it if I have doubts or questions ;)
stephenw10 (Netgate Administrator):

That's true for anything written in script; for compiled code you need to check the source. 😉

Steve

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.