PFS Logging Web Traffic…
Okay everyone, rookie here obviously, so I'll make this quick as clearly I have a lot to learn. Does PFS log traffic in anyway?
I only ask because a friend helps me tweak PFS, and loves to bust my chops that he has access to all my house's internet activity.
Thanks in advance!
If you can't trust the person setting up your firewall, they shouldn't be setting up your firewall.
pfSense logs plenty, but if the person setting up your firewall doesn't want the access to be logged, they can turn logging off. See how that works?
But, in general, pfSense doesn't log web activity of LAN clients out to WAN.
The other basic thing to check is that YOU have access to the admin password.
And there are no other admin users on the box.
Sounds like a good excuse to learn more about pfSense…..
@Derelict - Well I trust him but he's a chop buster for sure so the less excuse he has the better.
@divsys - Yes, I've certainly learned a lot by forcing myself to research and see all the options PFS offers. As far as your suggestion, I'm the only one with access now with no other accounts on board. But he talks about wireshark and port sniffers and just LOVES to break my balls! So my question was \ is are there other ways to get in and or have logs sent directly to someone else?
Either way I appreciate your help.
"wireshark and portsniffers" require "proximity". In order to capture packets (wireshark) of what is coming out of your WAN port, he'd need to know the assigned IP address. If you are behind a cable modem, he'd need to know the IP address assigned to it. Depending on the infrastructure of your ISP, he may not be able to get to it.
Port sniffers, pretty much the same thing.
Is it possible that he also installed something on equipment in your home network to provide access/data? Yes, that's the way malware/virus/ransomware do a lot of things.
Sending logs elsewhere: Yes, it's possible.
The default pfSense install is:
Everything originating from LAN side is allowed out WAN
Everything originating from WAN side is blocked UNLESS it is a response to LAN traffic.
The second point only matters if you are running a service you want accessible from the public internet (web server, ftp server, etc).
A simple thing to do would be to post screenshots of the rules that are configured on your WAN, LAN interfaces, any floating rules. A list of installed packages would also help.
If he's busting chops to make sure you learn and understand that's good, just don't let trust overrule common sense.