Pfsense 1.2.3 working but need fine tuning



  • Hello,

    Cant wait for 2.0 to be released! :)

    In the meantime, I have to ask a few questions to fine tune and perfect my setup with 1.2.3…  Some questions are basic I agree but nevertheless I need to grasp the basics.

    1-I have a server running on my network.  It runs several web services that communicates to the outside using specific ports, but these services are not to be accessed from outside my network.  Good examples would be SABnzbd+ which need to communicate with the Usenet servers, but I will never have to access SAB from outside my network.  So what would be the proper way to block all communications to/from this server except through the handful of ports that needs to open?

    2-Snort's list of blocked hosts is being reset either on a periodic basis or every reboot, I am not sure but eery time I go to it, it contains nothing or less items that before... Why's that?  Not useful if snort forgets which hosts it blocked...

    3-How do I block specific content?  I asked this question at several locations, here and outside this forum, never got a clear cut answer, like if it was not possible to do... (??)  I want to block anything from certain addresses (www.blablabla.com) or specific IP's...  Would firewall rules do it?  SquidGuard?

    Anybody who can help answering these questions will be my hero for today!

    Thanks a lot!



    1. Normally inbound access open ports needed and others remain closed(this basic firewalling) but you may create a rule with specific port numbers, but remember use only destination ports no source

    2. Create firewall rules for your desired ip-addresses to get blocked, blocking rules above passing rules and reset states if needed

    Sorry for not being hero for a day cause didn't fill in #2


  • Rebel Alliance Developer Netgate

    Item #2 may be worth trying on the most current code for the snort package. (Not sure how well it's working on 1.2.3, but on 2.0 it's been working) - Lots of fixes have gone into it over the last few weeks.


Locked