Netgate Discussion Forum
How to secure pfSense system?

General pfSense Questions
7 Posts 4 Posters 1.4k Views
    securityconcerned
    last edited by Feb 21, 2020, 11:19 AM

    How to secure pfSense system? My network will only be as secure as how I configure the firewall and how secure the pfSense system is (assuming I'm using pfSense as the firewall).

    But how can I secure pfSense? Does pfSense have any back doors? How can I verify it doesn't? Configuring the pfSense firewall through the web GUI from another system seems to compromise the pfSense firewall, because the other system might have a back door or malware.

    Hardware-wise, how can I mitigate hardware back doors in processors from Intel or AMD?

      Gertjan
      Feb 21, 2020, 12:29 PM (last edited by Gertjan Feb 21, 2020, 1:44 PM)

      All these questions boil down to one simple answer : build your own hardware. Develop your own software. Done.
      And also : do not connect to networks that you do not trust (like, the Internet) and do not accept devices that you do not trust (your own networks).

      Or learn what routers / firewalls actually do. This technology has been downgraded from "rocket science" to "your basic daily need to know knowledge" since the seventies (last century). Also : the Internet talks a (an awful) lot about this stuff. This enables you to eliminate these questions also. Because you can easily check what comes in and goes out. This is a standard 'network admin' requirement btw. As you can't drive a car without - at least - a license that says you did follow some 'education' to do so.
      Because, as without the license, the big and foremost danger ... will be you.

      Btw : backdoors .... while hundreds of thousands are using it .... If that was so - and I admit that I can't be sure for 100 % - Netgate might as well pull the economical bulletin through its head.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

        stephenw10 Netgate Administrator
        last edited by Feb 21, 2020, 3:34 PM

        Configure it to allow the traffic you need and only that.
        https://docs.netgate.com/pfsense/en/latest/book/firewall/firewall-rule-best-practices.html

        It doesn't have a back door but you can review the code yourself to be sure:
        https://github.com/pfsense

        Set up a management station to configure it from. Use it for nothing else. Run live Linux.

        Use something running opensource firmware like Coreboot.

        Not much more you can do.

        Steve

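The first point of the post above (allow only the traffic you need, and only manage the box from a dedicated station) can be checked against a live ruleset. The script below is an added example written for this page; it is not code from the thread, from Netgate or from pfSense. It reads the text that `pfctl -sr` prints on the firewall and flags pass-in rules that match from any source, pass-in rules that reach the firewall's own GUI/SSH ports from anything other than the management station, and a ruleset that does not end in a default deny. `MGMT_HOST` (192.168.1.10) is an assumed address for the management station, and the embedded sample ruleset is constructed for the example, shaped like `pfctl -sr` output rather than copied from a real box.

```shell
#!/bin/sh
# Added example, not code from the thread or from pfSense itself.
# Audits a pf ruleset (the text printed by `pfctl -sr` on a pfSense box)
# against "allow only the traffic you need". Findings:
#   ANY-TO-ANY      pass-in rule with source any and destination any
#   SRC-ANY         pass-in rule that any host on the wire may trigger
#   MGMT-OPEN       pass-in rule to the firewall itself ("(self)") on a
#                   GUI/SSH port (443, 80, 22) from anything but MGMT_HOST
#   NO-DEFAULT-DENY no final "block ... all" / "from any to any" rule
# MGMT_HOST is an assumed address for the dedicated management station.

MGMT_HOST="${MGMT_HOST:-192.168.1.10}"

audit_rules() {
    awk -v mgmt="$MGMT_HOST" '
    /^[ \t]*$/ || /^#/ { next }

    $1 == "pass" && $2 == "in" {
        src = ""; dst = ""; port = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "label") break          # labels may contain "from"/"to"
            if ($i == "all")  { src = "any"; dst = "any" }
            if ($i == "from") src = $(i + 1)
            if ($i == "to")   dst = $(i + 1)
            if ($i == "port" && $(i + 1) == "=") port = $(i + 2)
        }
        if (src == "any" && dst == "any")
            printf "ANY-TO-ANY      : %s\n", $0
        else if (src == "any")
            printf "SRC-ANY         : %s\n", $0
        if (dst == "(self)" && (port == "443" || port == "80" || port == "22") && src != mgmt)
            printf "MGMT-OPEN       : %s\n", $0
    }

    # pfctl prints "from any to any" as "all" when no ports are involved
    $1 == "block" && ($0 ~ / all( |$)/ || $0 ~ /from any to any/) { deny = 1 }

    END {
        if (!deny) print "NO-DEFAULT-DENY : ruleset ends without a block ... all rule"
    }'
}

# Constructed sample shaped like `pfctl -sr` output; not from a real firewall.
SAMPLE='pass in quick on em1 inet proto tcp from 192.168.1.10 to (self) port = 443 flags S/SA keep state label "USER_RULE: GUI from management station"
pass in quick on em1 inet proto tcp from any to (self) port = 22 flags S/SA keep state label "USER_RULE: SSH from anywhere"
pass in quick on em1 inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: LAN to any"
pass in quick on em0 inet proto tcp from any to any port = 3389 flags S/SA keep state label "USER_RULE: RDP from the Internet"
pass out quick on em0 inet all flags S/SA keep state label "USER_RULE: outbound"
block drop in log quick inet all label "Default deny rule IPv4"'

# Runs the audit over the constructed sample; on the firewall use:
#   pfctl -sr | audit_rules
audit_sample() {
    printf '%s\n' "$SAMPLE" | audit_rules
}

audit_sample
```

On the sample, the SSH-from-anywhere rule is reported twice (SRC-ANY and MGMT-OPEN), the RDP rule once (ANY-TO-ANY), and the GUI rule from the management station and the LAN-to-any rule pass without findings; the closing `block ... all` satisfies the default-deny check. Outbound `pass out` rules are deliberately ignored, since "any" as a source is normal there.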
          NollipfSense @securityconcerned
          last edited by Feb 21, 2020, 4:37 PM

          @securityconcerned Your security-concerned name and questions imply troll.

          pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
          pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

            stephenw10 Netgate Administrator
            last edited by Feb 21, 2020, 4:40 PM

            Also see: https://www.reddit.com/r/PFSENSE/comments/f79pmv/how_to_secure_pfsense_system/

              Gertjan
              last edited by Feb 21, 2020, 5:12 PM

              Probably several trolls indeed.
              We're close to the main 'moral of life' questions here.

              Do not worry about stuff you don't know about. Life becomes impossible if you do.
              Do not use what you don't understand is also a practical solution (no joke intended here).
              But .... stuff like PHP is 'mastered' these days by 'less than 10 years old'. And few of them finished Harvard or something like that to do so.
              So, want to read and understand (because you don't trust the translator) Chinese ? Learn Chinese !

              Great.
              It's Friday and I'm also trolling .... not good.

              PS : @stephenw10 ; why GitHub ? I have a local live and working copy : I can actually "see" that it is doing what it should do - and test it if I have doubts or questions ;)

                stephenw10 Netgate Administrator
                last edited by Feb 21, 2020, 9:55 PM

                That's true for anything written in script; for compiled code you need to check the source. 😉

                Steve

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.