Netgate Discussion Forum

    How important is WAN protection in this case?

    pfBlockerNG
    22 Posts 10 Posters 2.8k Views
    • BBcan177 (Moderator), replying to @blank

      @blank said in How important is WAN protection in this case?:

      Now, I moved from UniFi to PFsense, as I actually wanted to use GEOIP blocking and Suricata.
      But reading through this thread, it sounds like that really won't help!
      But then what are the benefits of PFsense for me, and they seem to be non-existent?
      I export the syslog to Splunk, and I have between 5-15,000 incoming connections to my port forwarding rules.
      Now, only about 100 of those connections are coming from my country.
      I know that it only takes 1 "good" attack, but considering everything, shouldn't PFBlocker country pass and Suricata help the attack scope?
      What is more "correct" ways to protect yourself?

      Each piece is a layer of security. To limit the open WAN ports you can define an alias with the IPs which are allowed to connect. If that is unmanageable, then add a GeoIP alias for only the countries that should be allowed to connect to those ports. It's not recommended to take the "Block the world" approach. GeoIP can lessen the hits on the open ports. Next would be to add IP Blacklist(s) of known malicious IPs to be blocked. Following that, you could enable an IPS to block anything else. Check out pfBlockerNG-devel, which has an Integrated Feeds tab to help find suitable IP/DNSBL Blocklists.

      pfSense is going to block all unsolicited inbound traffic, and only let open ports through... However, that does nothing to help protect the Outbound, which is by default wide open. So IP/DNSBL blocklists can block the known bad for Outbound traffic... GeoIP can be hit/miss, but it all depends on what you want to accomplish and how conservative/aggressive you want to be with your network.

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      • chrcoluk
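      The layering BBcan177 describes is a first-match rule order, which is easy to get wrong when the allow-list alias, the GeoIP alias and the blocklist all touch the same forwarded port. The script below is an added example, not code from the forum post or from pfBlockerNG: it models that order for one inbound connection at a time and then tallies which layer each connection hit, the same kind of per-layer count you would want from the Splunk export mentioned in the quoted question. All addresses are RFC 5737 documentation ranges, the country assignments and the forwarded port 1194 are constructed stand-ins for pfSense aliases, and placing the blocklist check ahead of any pass rule is this example's assumption, not something the post states.

```python
"""Layered inbound WAN policy (added example; not pfSense/pfBlockerNG code).

Order modelled, first match wins:
  1. destination port not forwarded      -> default deny
  2. source in known-bad blocklist        -> block   (assumed to sit above pass rules)
  3. source in explicit allow-list alias  -> pass
  4. source GeoIP country is permitted    -> pass
  5. anything else                        -> default deny
"""
import ipaddress
from collections import Counter

# Constructed alias of hosts explicitly allowed to reach the forwarded port.
ALLOWED_HOSTS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed stand-in for a GeoIP alias: country code -> networks.
GEOIP = {
    "DK": [ipaddress.ip_network("198.51.100.0/25")],
    "DE": [ipaddress.ip_network("198.51.100.128/25")],
    "XX": [ipaddress.ip_network("192.0.2.0/24")],   # "rest of the world"
}
ALLOWED_COUNTRIES = {"DK"}

# Constructed "known bad" blocklist; note it contains a DK address on purpose,
# so the example shows the blocklist winning over the GeoIP pass.
BLOCKLIST = [ipaddress.ip_network("198.51.100.7/32")]

# Constructed set of ports opened by port-forward rules (1194 is a placeholder).
FORWARDED_PORTS = {1194}


def country_of(ip):
    """Look up the constructed GeoIP table; None if the address is unmapped."""
    for cc, nets in GEOIP.items():
        if any(ip in n for n in nets):
            return cc
    return None


def evaluate(src, dport):
    """Return (action, layer) for one inbound connection, first match wins."""
    ip = ipaddress.ip_address(src)
    if dport not in FORWARDED_PORTS:
        return ("block", "default-deny")
    if any(ip in n for n in BLOCKLIST):
        return ("block", "blocklist")
    if any(ip in n for n in ALLOWED_HOSTS):
        return ("pass", "allow-alias")
    if country_of(ip) in ALLOWED_COUNTRIES:
        return ("pass", "geoip")
    return ("block", "default-deny")


def summarize(connections):
    """Count how many (src, dport) records each layer handled."""
    return Counter(evaluate(src, dport)[1] for src, dport in connections)


# Constructed sample of inbound connections, as a Splunk export might give them.
SAMPLE = [
    ("203.0.113.10", 1194),    # allow-listed host
    ("198.51.100.7", 1194),    # DK address that is also on the blocklist
    ("198.51.100.20", 1194),   # DK address, passes on GeoIP
    ("198.51.100.200", 1194),  # DE address, country not permitted
    ("192.0.2.55", 1194),      # unmapped "rest of the world"
    ("192.0.2.55", 22),        # port never forwarded
]

if __name__ == "__main__":
    for src, dport in SAMPLE:
        print(f"{src:>16}:{dport:<5} -> {evaluate(src, dport)}")
    print(dict(summarize(SAMPLE)))
```

      Swapping steps 2 and 3 is the classic mistake: an allow-listed host that later turns up on a blocklist would keep passing. Keeping the blocklist first makes the allow-list a narrowing of the GeoIP layer rather than an override of the blocklist.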

        By all means keep the custom OpenVPN port; I find that practice reasonable. Bots and whatnot scanning services cause spam. The problem is, though, if you get used to seeing that spam, then the one day you have a legit attempt at your security you're likely to ignore it, as you're just used to seeing daily spam. Which is why I use custom ports for non-public services a lot of the time.

        On the question of things like Snort, I wouldn't bother in a situation where the one and only listening service is a private VPN server.

        pfSense CE 2.8.0

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.