Block Countries
-
Hi everyone,
We recently got hacked and the IP source that did it was from Russia. The hacker didn't hack PFSense directly but got through RDP to our terminal server using the local admin account - they brute forced it basically. It wasn't a critical hack as that server is segregated and has no sensitive data on it but nevertheless I am concerned and want to avoid this from happening again. One thing I would like to do is eliminate people from certain countries even getting past the firewall. I already do this for our mail server as there are block lists for just this sort of thing. Is there anything I can configure or install on the PFSense firewall to prevent any access outside of North America? Our work network does not need access from anywhere else except USA and Canada. If I could stop foreign connections right at the perimeter then this is one less thing I have to worry about.
Btw, I already increased security of the hacked server and all other DMZ servers so this shouldn't happen as easy in the future… but these being Windows servers... who knows. :)
Thanks.
-
http://forum.pfsense.org/index.php?action=search
keywords: "block country"-> http://forum.pfsense.org/index.php/topic,14500.0.html
|–> http://forum.pfsense.org/index.php/topic,11279.msg62689/topicseen.html#msg62689 -
Thanks - this sort of helps. I think the steps expect you to know much more about BSD than I do.
I found the xml file that has the alias config. Can you tell me what I need to do to import the IP ranges into this file? I tried connecting to PFSense with WinSCP and it refuses to let me in. I can SSH in but don't know how to edit the file to import these addresses. I tried pico and nano commands and neither work. I have no clue how to use vi/vim so I don't see how I can do this.
I was thinking of just making an alias for Canada and USA and then use a NOT rule to say everything that isn't one of those subnets is blocked. I hope this is the right logic anyways.
Thanks.
-
To install nano just do:
pkg_add -r nano
You can also download config xml through "Diagnostics -> Backup/Restore", then edit this file locally, and do a restore.
-
try sftp with user "root" but same password.