Report of used ports?

Gr1pen

I have changed from a non-protected network to routing all VLANs through a pfSense firewall, initially allowing any-any.

Now I want to start lock down the network, and wonder if there is any tool (like syslog parser or similar) that can give me a report of all ports that have been allowed to ecach IP behind the pfSense? Kind of getting a baseline to create the allow rules from.

I looked at Kiwi Syslog server, but I wonder if anybody know how to achieve this more easy?

stephenw10

You can probably do that with ntop-ng on the firewall.

https://docs.netgate.com/pfsense/en/latest/monitoring/graphs/bandwidth-usage.html#ntopng

Steve

Gr1pen

@stephenw10 Cool, I will give it a try. Thanks!

Sapphon

I tried but it didn't work, maybe I'm doing something wrong?

stephenw10

What exactly did you try?

Please give details otherwise this just looks like spam and will be treated as such.