Netgate Discussion Forum

    Block Diagram depicting how pfSense process a packet with and without IDS/IPS module on top of it

    12 Posts 4 Posters 1.8k Views
    • F
      Fareed Jamali
      last edited by

      Thank you for your kind response. This is a very good block diagram for understanding the basics. I am looking for more in-depth knowledge of how the blocks actually work. As an example, if we talk about an Intrusion Detection and Prevention system, there are a few basic building blocks that make the system work, starting with Packet capturing and followed by Packet Decoder, Pre-processor, Detection engine, Alarming module and then Output module. Now all of these have a very important role that makes the complete IDS/IPS work as a system. Any block diagram that can actually summarize the whole process of what is going on inside pfSense will greatly help in visualizing and easily understanding the product.

      bmeeksB 1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks @Fareed Jamali
        last edited by

        @Fareed-Jamali said in Block Diagram depicting how pfSense process a packet with and without IDS/IPS module on top of it:

        Thank you for your kind response. This is a very good block diagram for understanding the basics. I am looking for more in-depth knowledge of how the blocks actually work. As an example, if we talk about an Intrusion Detection and Prevention system, there are a few basic building blocks that make the system work, starting with Packet capturing and followed by Packet Decoder, Pre-processor, Detection engine, Alarming module and then Output module. Now all of these have a very important role that makes the complete IDS/IPS work as a system. Any block diagram that can actually summarize the whole process of what is going on inside pfSense will greatly help in visualizing and easily understanding the product.

        For the answers to questions at that level of detail, you will need to use Google to search for tutorials on the internal structures of the various IDS/IPS engines. The packages available for pfSense are simply GUI wrappers to aid in the configuration of the two most popular IDS/IPS engines: Snort and Suricata. The actual work of IDS/IPS is done by the compiled binary.

        1 Reply Last reply Reply Quote 1
        • F
          Fareed Jamali
          last edited by

          I have in-depth knowledge of how IDS/IPS works. I want to know the in-depth block diagram of pfSense. I want to see the complete functionality of pfSense in a block diagram. Something that might look like https://commons.wikimedia.org/wiki/File:Netfilter-packet-flow.svg

          1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks
            last edited by bmeeks

            pfSense is based on the FreeBSD operating system and uses that networking kernel. The firewall engine is pf. You can find information about that on Google. The current release version of pfSense is based on FreeBSD 11.3/STABLE. More than anything else, pfSense is really a PHP GUI wrapper to make configuration of the pf firewall engine more user friendly.

            Have you checked out the official Netgate documentation for pfSense here: https://docs.netgate.com/pfsense/en/latest/book/?

            1 Reply Last reply Reply Quote 1
            • F
              Fareed Jamali
              last edited by

              Yes, I have checked the official Netgate documentation and there is too much to go through. Honestly, I lose my grip on the actual problem when I start going through it, since it is beautifully written. I was wondering if someone had already tried something like this that could help me.

              1 Reply Last reply Reply Quote 0
              • bmeeksB
                bmeeks
                last edited by bmeeks

                I don't understand what you want. You first asked for how traffic flowed through pfSense when Snort had been added as a package (your word was "module", but that is not technically correct for the pfSense environment). I provided you with two diagrams.

                Then you said you wanted to know how packets went through the firewall itself. I provided you a link to the official documentation and what is considered the "Bible" for pfSense, the pfSense Book. But then you say it is too hard for you to understand?

                I'm confused as to what you actually want. Are you a student whose instructor has assigned you a project of drawing a block diagram and you want someone else to do your project for you?

                1 Reply Last reply Reply Quote 0
                • F
                  Fareed Jamali
                  last edited by Fareed Jamali

                  Block Diagram depicting how pfSense processes a packet. Let's ignore the IDS/IPS part for the time being.

                  Not really, this is not my project, nor has any professor assigned me a project. The purpose of such forums is to discuss the things that are missing in the documentation. Have you found any block diagram in the documentation that actually depicts the complete pfSense functionality?

                  1 Reply Last reply Reply Quote 0
                  • bmeeksB
                    bmeeks
                    last edited by

                    I don't know that there is such a diagram. I would go search on Google for information about how pf, the packet filter firewall in FreeBSD, works. That is the firewall engine in pfSense.

                    1 Reply Last reply Reply Quote 1
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      This is probably as close as you'll get from the pfSense docs:
                      https://docs.netgate.com/pfsense/en/latest/book/nat/ordering-of-nat-and-firewall-processing.html

                      You would need to look at the FreeBSD and Packet Filter (pf) docs to see anything more detailed.

                      Steve

                      1 Reply Last reply Reply Quote 1
                      • P
                        pi @bmeeks
                        last edited by

                        @bmeeks

                        I greatly appreciate the visual and explanation. It helps a lot. Thank you.

                        1 Reply Last reply Reply Quote 0
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.