Netgate Discussion Forum
    Block other pfsenses on my network

      pflover

      Hi. I have a network.
      The network infrastructure is in my hands, but the servers are owned by other people who may do malicious work and set up another firewall and try to create new rules on the network that violate the rules of this original firewall. To prevent this, I intend to make sure that only the main firewall works on the network and no other firewall can set rules on the network.
      What are your solutions?

        JKnott @pflover

        @pflover

        ????

        Firewalls don't set rules for other firewalls. They can only be configured for what they pass or block. What you're asking for is like changing your door lock, so that someone else's door lock doesn't affect yours.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

          mer @JKnott

          @jknott
          My solution is to walk around physically inspecting every machine on the network. If you find an unauthorized firewall, unplug it and smash it with a brick. If another one shows up in its place, do the same thing but use a bigger brick.

            viragomann @pflover

            @pflover said in Block other pfsenses on my network:

            set up another firewall and try to create new rules on the network that violate the rules of this original firewall

            How should they do this?

            If you manage the main firewall and this one is installed in a central place in your network, you can control the whole traffic from the servers to other network segments and the internet as well as the whole downstream traffic to the servers.
            If the servers should also be prohibited from talking to each other, you have to segment your network. To take it to extremes, you can connect all the servers to a managed switch and put each one in a separate VLAN, which you control on the main firewall. So you can control the whole traffic in and out on each VLAN, i.e. each unique server, and you're absolutely safe when you configure it properly.

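The segmentation described in the post above, as an added example that is not part of the original thread: a small Python model comparing a flat server LAN with one VLAN and /30 per server, showing which server-to-server connections the main firewall ever gets to evaluate. The host names, the 10.50.0.0/24 range, the VLAN IDs and the single pass rule are constructed, and the model assumes the managed switch keeps the VLANs separate and that the firewall denies anything without a pass rule.

```python
import ipaddress

SERVERS = ["web", "db", "tenant3"]      # constructed host names
PASS_RULES = [("web", "db", 5432)]      # constructed pass rule; everything else is denied

def flat_plan(servers, lan="10.50.0.0/24"):
    """Unsegmented case: every server shares one VLAN and one subnet."""
    hosts = iter(ipaddress.ip_network(lan).hosts())
    next(hosts)                          # first address is kept for the firewall
    return {name: {"vlan": 1, "ip": next(hosts)} for name in servers}

def segmented_plan(servers, supernet="10.50.0.0/24", first_vlan=101):
    """One VLAN and one /30 per server: the firewall is the only other host in it."""
    subnets = ipaddress.ip_network(supernet).subnets(new_prefix=30)
    plan = {}
    for vlan, (name, net) in enumerate(zip(servers, subnets), start=first_vlan):
        gateway, host = net.hosts()      # a /30 has exactly two usable addresses
        plan[name] = {"vlan": vlan, "ip": host, "gateway": gateway}
    return plan

def verdict(plan, rules, src, dst, port):
    """What happens to a server-to-server connection under the given plan."""
    if plan[src]["vlan"] == plan[dst]["vlan"]:
        return "bypasses firewall"       # switched at layer 2, no rule is evaluated
    if (src, dst, port) in rules:
        return "pass"                    # routed through the firewall and matched
    return "block"                       # routed through the firewall, default deny

if __name__ == "__main__":
    plans = (("flat", flat_plan(SERVERS)), ("per-server VLAN", segmented_plan(SERVERS)))
    for label, plan in plans:
        for src, dst, port in (("web", "db", 5432), ("tenant3", "db", 5432)):
            result = verdict(plan, PASS_RULES, src, dst, port)
            print(f"{label:16} {src}->{dst}:{port}  {result}")
```

In the flat plan the connection from `tenant3` to `db` never reaches the firewall at all, which is why rules on the main firewall alone cannot stop servers from talking to each other.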
              stephenw10 Netgate Administrator

              Mmm, where exactly are these 'extra firewalls'? Like a software firewall on the server(s)?

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.