• in my effort to set up pfsense to only allow traffic I set it to allow, and configure specific allowed data from there, I have succeeded at blocking everything other than basic web traffic, and am working my way backwards from here, and one of the other points I would like to request assistance with, is in my goals of locking down everything to allow only what I need from there, I have succeeded at blocking my ability to use my vpn, and therefor am requesting assistance to now enable my use of openvpn connections, IPSEC connections, and PPTP connections for my vpn from here.

    I can provide any pertinent additional info upon request, but outside of that, my vpn provider is proXPN if that provides any additional useful information.

  • Reading this and your other thread, I think you might be getting too caught up in security. You're running almost every package available and locking down your LAN, and now you're finding that things are broken and don't work. Is this a home network, corporate LAN, public hotspot...?

    I would suggest that you remove a lot of those extra packages like pfB, Suricata, squid, squidguard, ntopng and then put your LAN rules back to the default of allow all to any. Once you have everything working, THEN you can start adding packages one by one and then testing your applications. Once you have stabilized the packages for your environment, THEN you can start removing access from LAN and locking it all down. However, you may find that locking down LAN will lead to a never-ending game of 'Find what's blocking X'. Usually people trust their LANs, and put any dodgy devices in a DMZ'd VLAN that you can lock down.

  • Normally I'd completely agree with this, however, for reasons I still do not understand, hackers online love to target me, and I've been forced to utilize firewall hardware just to be physically able to use my systems in relative peace from this constant issue of mine with them (the list of examples I could give is exhaustive) and that's the irony of this all. I am a home user on my own segregated portion of my parents home network. This is not normal by any means, even though I run my own servers, this still is a home network, and the issues I've been facing to lead me to running everything behind a firewall Is just ridiculous to begin with.

    Mind you, I may end up just doing that anyways, in an effort to collect the data needed to allow these to pass in the end after I have the needed info, but I would prefer to not need to do it that way.

  • Running a firewall isn't a last resort -- it's something that everybody online should be doing at all times. Also, none of these measures will stop a DDoS, if that's what you're dealing with. If you're running game servers that are being attacked, I might suggest you invest in a VPS and then run your server apps on that instead of from your LAN. I have a Linode VPS that runs several services I use (OpenVPN, tt-rss, Nextcloud), including a little Minecraft server. I pay $20/m. I still don't understand what locking down your LAN has to do with your servers, unless you're running services that are inherently vulnerable and you expect to be owned -- in which case I wouldn't be running those services.

  • Nothing outside of blocking things such as people trying to snoop on ports, services, and basic security granted by any firewall vs no firewall, just basic added layered security, given good security is layered by nature.

  • Don't worry about doorknob rattlers. Count on your default WAN rules to drop all unsolicited inbound traffic. Bots are constantly scanning all IP space, and worrying about that noise will drive you mad. Plus, you can't stop traffic from hitting your WAN. That would require upstream support. Trust that your WAN is blocking it.

  • Well, THAT'S promising to hear, thank you for that, honestly?? The cause of this paranoia fueled hike in security was caused by over 1k hits of being attempted at scanning DIRECTLY AGAINST my firewall, and no, I don't have a smart dlink switch, I DO have a dumb dlink switch, but that wouldn't have been what was trying to hit that address I don't believe, given my research said that it was their managed switch that did that to the ONLY thread I found anywhere that had this same issue

  • That looks like broadcast traffic of some sort which can be totally normal on a LAN. Not so much on a WAN. The next time you think yuo're seeing suspicious traffic, either post your firewall log details or a packet capture via Diagnostics - Packet Capture and either look at it in wireshark or post it here for one of us to look at.

  • Can, and will do, thank you, however, where should I post those logs if I do end up having to do that?? Do I post it here in the firewall section??