Need advice on my firewall rule setup



  • Hey everyone, just jumped on board PFsense and I have to say, best decision yet.. What a difference from consumer.. man was I blinded..

    Anyways, I have a basic firewall setup in the lab and I can use your advice to make sure from a starting standpoint, I am secure.

    WAN.
    Has two pre-defined rules only, block private & bogon. I am assuming that no more is needed here as EVERYTHING should be blocked inbound.

    I have a few Vlans, but here is an example of my guest vlan.. Too much too little?

    cce5f04a-0ac0-4a99-98c4-db1a8509012a-image.png

    Here is one of the lab vlan (non-mgmt accessible, only can get to NAS & IOT)

    fb6e458a-be87-4229-83da-c2c812fe62e6-image.png

    And the main network vlan (I can get to the mgmt ports now so I can take pictures, but the first rule will be changed to blocked)

    ce440e3d-7647-4236-96c2-1d6a24dd9d8e-image.png

    They seem to work, but I feel I am overthinking this.. Maybe a way to make them more efficient?
    I plan to run Suricata and a few other packages.. but the rules I want to make sure are solid..

    Thanks for your feedback..


Log in to reply