Oops... Risks Of Passing Any WAN?

  • OK... I'm an idiot. Let's get that out of the way right up front. :)

    I bought a Netgate appliance about a year ago and installed pfSense. I watched a YouTube setup tutorial and followed along. The instructions said to make a WAN firewall rule to pass any to any. I knew nothing about what I was doing so I just followed the instructions and everything seemed to work.

    Fast forward a year and I have been slowly learning more about routers and firewalls and security. Today I accidentally typed my own public IP address into a browser and I was shocked to see my pfSense admin screen. I verified from a remote network that this screen was, indeed, visible to the whole world! :0

    I immediately noticed the problem and shut off the offending firewall rule, but I'm wondering what someone could have done with access to that admin screen, or are there any lingering threats that I need to look for? My password was not great (I assumed it was only visible from my LAN) so I can only assume that, if someone wanted in, they could have guessed the password pretty easily.

    I have not noticed any signs of problems but I have 3 PCs, a Synology NAS, and a few IP Cams and, being wide open to the world for a year, I'm obviously a little worried.

    I was also running Suricata so maybe that helped block some of the nasties??

    I really appreciate your help.

  • I did some more studying and it looks like maybe the 'pass any' rule in the firewall is about the same result as just not having a firewall, which I didn't have before anyway. So I guess my new question is: is there anything in the pfSense settings that I should look out for that someone might have changed to allow them future access, or anything they could have changed that would cause another potential security hole?

  • For a secure setup, install pfSense and DO NOT change any of the out-of-the-box settings except for setting the local IP addresses you might need for your network. That's it. No need to create any rules at all initially.

    As you gain skills in administering a firewall and with increased knowledge of networking, then you may consider limited port forward rules. But I would advise against that. The most secure method for any kind of remote access back into your networks is using a VPN. There are instructions for configuring VPNs in the official Netgate pfSense documentation. Port forwards are just more holes waiting to be exploited.

    And for the record, putting an "any rule" on your WAN was WAY BAD!!! As you see, you exposed your entire internal network to the whole world. Where did you find such a video advising to do that? That person should be excoriated! That is the worst security suggestion I have ever heard. That's as bad as telling someone the best way to put out a fire is to douse it with gasoline ... ☺.

  • @MarkTX said in Oops... Risks Of Passing Any WAN?:

    I watched a YouTube setup tutorial and followed along. The instructions said to make a WAN firewall rule to pass any to any.

    That must be some really fucked up tutorial when telling people to put any-any on WAN. 😤
    You have a Public IP on pfSense WAN or RFC1918?
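
The any-any pass rule on WAN discussed in this thread can be looked for in a saved configuration backup. The following is an added example, not part of any post in the thread and not Netgate's code; it assumes the `<filter><rule>` layout of a pfSense config.xml backup, the function names are hypothetical, and the sample rules are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real config), using the assumed layout of a
# pfSense config.xml backup: <filter><rule> entries with <type>, <interface>,
# <source>, <destination> and an optional <disabled/> marker.
SAMPLE_CONFIG = """<pfsense><filter>
  <rule><type>pass</type><interface>wan</interface>
    <source><any/></source><destination><any/></destination>
    <descr>from tutorial</descr></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>udp</protocol>
    <source><any/></source>
    <destination><network>wanip</network><port>1194</port></destination>
    <descr>VPN</descr></rule>
  <rule><type>pass</type><interface>wan</interface><disabled/>
    <source><any/></source><destination><any/></destination>
    <descr>old any-any, switched off</descr></rule>
  <rule><type>pass</type><interface>lan</interface>
    <source><network>lan</network></source><destination><any/></destination>
    <descr>Default allow LAN to any</descr></rule>
</filter></pfsense>"""


def is_any(endpoint):
    """True when a <source>/<destination> element matches every address and port."""
    return (endpoint is not None and endpoint.find("any") is not None
            and endpoint.find("port") is None)


def audit_wan_rules(xml_text, wan_names=("wan",)):
    """Return (description, protocol, state) for each any-to-any pass rule on WAN."""
    findings = []
    for rule in ET.fromstring(xml_text).iterfind("./filter/rule"):
        # A floating rule can name several interfaces, comma separated.
        ifaces = [i.strip() for i in (rule.findtext("interface") or "").split(",")]
        if rule.findtext("type") != "pass" or not set(ifaces) & set(wan_names):
            continue
        if is_any(rule.find("source")) and is_any(rule.find("destination")):
            state = "disabled" if rule.find("disabled") is not None else "ACTIVE"
            findings.append((rule.findtext("descr") or "(no description)",
                             rule.findtext("protocol") or "any", state))
    return findings


if __name__ == "__main__":
    for descr, proto, state in audit_wan_rules(SAMPLE_CONFIG):
        print(f"{state}: WAN pass any-to-any ({proto}) rule: {descr}")
```

A disabled any-to-any rule is still reported, since re-enabling it restores the exposure described in the first post.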