Internal Web Server: how to protect with pfBlockerNG

  • Hi,

    first of all I'm sorry for my poor English.

    I have a couple 4 Servers (Debian + Nginx + PHP7.3 + Magento) behind pfSense and I'd like to increase protection of these Web Servers with pfBlockerNG-devel. How can I do it? I have read a little and, if I understood well, I have to use the section under Feeds to add lists of IPv4 that must be blocked. Now the question is: which one I have to select or can you advice me with some other lists to add in IPv4 tab?

    Thank you very much

  • Main question: what defend you try to achieve? You try restriction outgoing connections or incoming or both?
    Is this servers are accessible from public internet? If - yes, then: what services you put on internet? Based on this you could get a list of bad guys abusing this and only this services. Such list can be get from many places. Use pfBlocker devel package - it newer and recommend release. It have build in some lists though... But aware of false positive. And if you exposed ssh for example, better hide it and simply use VPN, or use only IP white-list to give access to ssh on firewall.

Log in to reply