Firewall blocking outbound egress rules
-
Trying to make my outbound safer with some basic blocks
If
LAN address is the address of the interface of the pfSense to the LAN. (ie. 192.168.1.1/32)
LAN Net is the subnet attached to this interface. (ie. 192.168.1.0/24)Would my blocks be like this for MS RPC as example? Trying to understand if I need wan net or wan address.
TCP/UDP
Source = Lan Net
Source port = anyDst = Wan Address
Dst port = 135 -
Outboud to "Internet" ?
WAN Address != Internet
Internet = "ANY"
https://docs.netgate.com/pfsense/en/latest/firewall/index.html
-
Thanks, I think i have it now
nmap -p 1-1024 -Pn scanme.nmap.org
PORT STATE SERVICE
22/tcp filtered ssh
25/tcp filtered smtp
80/tcp open http
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds -
You do get that 135,127-139, 445 etc are blocked by many/most isp anyway.. And shoot even most docsis modems block it those in their firmware.. Those are not public internet viable ports.. And pretty much always blocked.. Little use to worry about it on your end to be honest.
Sure not going to hurt anything - just kind of pointless.
-
If that's the case, when I ran a nmap scan this morning to an external source, I seen that all of those ports were open. I have a fiber line coming into the house going directly into pfSense so there's no modem of sorts on my end.
Bell fibe is my isp
-
Like I said not going to hurt anything... But amount of places that actually have those ports open at the isp level is not very much.. More an exercise in how to do it more than actual security..
Here is from one of my vps box out of the net
Starting Nmap 7.01 ( https://nmap.org ) at 2019-06-02 09:54 CDT Nmap scan report for scanme.nmap.org (45.33.32.156) Host is up (0.015s latency). Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f Not shown: 1022 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http Nmap done: 1 IP address (1 host up) scanned in 1.96 secondsHere is from my home connection
Starting Nmap 7.01 ( https://nmap.org ) at 2019-06-02 09:48 CDT Nmap scan report for scanme.nmap.org (45.33.32.156) Host is up (0.062s latency). Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f Not shown: 1012 closed ports PORT STATE SERVICE 22/tcp open ssh 25/tcp filtered smtp 55/tcp filtered isi-gl 67/tcp filtered dhcps 77/tcp filtered priv-rje 80/tcp open http 135/tcp filtered msrpc 137/tcp filtered netbios-ns 138/tcp filtered netbios-dgm 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 496/tcp filtered pim-rp-disc Nmap done: 1 IP address (1 host up) scanned in 322.31 secondsAs you see 25 blocked by isp as well.. Home connections that is almost always blocked as well.. But if your on some sort of fiber...
