Only allow RDP from Australia (NOOB)
Out internet facing RDP server is continually tested from all over and I would like to restrict the connections to Australia only.
I understand pfblockerng is the tool to do this and I have installed the package however am at a loss as to how to get started.
I have read that the best way to achieve this would be to whitelist Australia as opposed to blacklisting other countries.
Any assistance would be greatly appreciated.
Thanks in advance…
Hi Derelict and thanks for the reply.
We had looked at this option however after much research wish to stick with RDP at this point.
You get the nets and subnet IPv4 list for AU (Australia):
Parsing the list like:
Australia:22.214.171.124-126.96.36.199 Australia:188.8.131.52-184.108.40.206 Australia:220.127.116.11-18.104.22.168 Australia:22.214.171.124-126.96.36.199 ...
188.8.131.52-184.108.40.206 220.127.116.11-18.104.22.168 22.214.171.124-126.96.36.199 188.8.131.52-184.108.40.206 ...
Create a alias, with IMPORT tool: https://YOUR-PFSENSE/firewall_aliases_import.php?tab=ip
And paste in Aliases to import the list, save it
And create rule at WAN allow ,with source this Alias to LAN net, with dst port tcp 3389 (for standard rdp ), and create NAT port forwarding rule to rdp server target
But … The safest, as Derelict said, is use VPN
I understood pfblockerng contains lists of countries so I can simply select Australia and whitelist it for RDP?
Yes, you have right. I forget this is a pfBlockerNG subforum :)
In List Action set to permit both at Firewall > pfBlockerNG > Oceania, select AU
– add - Do not edit floating rule.
~~Other thing. Maybe you need edit the floating pfBlockerNG rule for "permit both" AUstralia.
Protocol : any => tcp
Destination: Lan net (or only the rdp server, as you like)
Destination port range: Custom: 3389 (the rdp port)~~
Hi Javcasta and thank you again.
Can I clarify the following please:
As this is for incoming RDP do I use "Permit Both" or just "Permit Inbound" ? I would have thought inbound only…
When I specify my destination being the terminal server is this what is labeled "custom destination" ?
In my firewall rules I have the original RDP rule forwarding to the terminal server. Does my new pfblockerng rule replace this old rule or do they work in combination with each other?
ok, i see now. Do not edit floating rule (sorry :) )
Set to "Permit Inbound" in pfBlockerNG to AUstralia, both its not necessay.
As you already have the rule of nat port forwarding, I suppose it was automatically created (along with the nat) one rule in the lan to allow access from wan to the port tcp3389 at the rdp server, and at wan,the pfBlockerNG floating rule permit traffic from AUstralia. An the default (last rule) rule at wan, block the rest.