Browsed by
Tag: pfsense

Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL)

Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL)

This walkthrough uses the DNSBL portion of pfBlockerNG to remove ads/advertising and more importantly, malvertising. It essentially creates a functionality similar to the pi-Hole project except it doesn’t require a separate piece of hardware. Instead, you just use your pfSense (pfBlockerNG)! I love pfSense and if I could only install one package to enhance its capabilities, it would undoubtedly be pfBlockerNG. pfBlockerNG is a pfSense package maintained by @BBcan177 (on Twitter). It’s worth mentioning that BBCan177 has a Patreon campaign where you…

Read More Read More

Redirect outgoing NTP traffic to an internal NTP server

Redirect outgoing NTP traffic to an internal NTP server

Tired of seeing outbound NTP blocks in your firewall logs because you restrict outgoing traffic? Or maybe you are receiving alerts because some device uses NTP pool resources (such as pool.ntp.org) and one of those IP addresses has ended up on a blacklist, blocklist, threat intelligence feed, etc? Either way, few things in the life of an IT or security professional are as frustrating as false positives. This write-up will help you change that with a little NAT magic, aka…

Read More Read More

Monitoring pfSense with Nagios XI Using SSH – part 3

Monitoring pfSense with Nagios XI Using SSH – part 3

Configuring the checks on Nagios XI This is the third and final part to monitoring pfSense with Nagios XI using SSH. If you missed either of the previous parts, I’ve included them below. Part 1: Setting up password-less SSH Part 2: Downloading and testing the checks Finally, let’s configure the checks on Nagios XI! Go to the SSH Proxy wizard. I like to change the OS to FreeBSD, but all that really does is change the icon in the web…

Read More Read More

Monitoring pfSense with Nagios XI Using SSH – part 2

Monitoring pfSense with Nagios XI Using SSH – part 2

Downloading and testing the checks In the part 1, we setup password-less SSH. What good does that do? Now that we have a secure connection between the systems, we are quite a bit closer to securely running check commands using the SSH proxy on Nagios XI (or the check_by_ssh on Nagios Core). First though, we need to get the various plugins on the pfSense box. We are going to use a handful of custom scripts, but we’ll also use some…

Read More Read More

Monitoring pfSense with Nagios XI Using SSH – part 1

Monitoring pfSense with Nagios XI Using SSH – part 1

Monitoring pfSense with Nagios XI Using SSH Series This walkthrough will guide you through the process of monitoring your pfSense using Nagios XI and SSH. The scripts could also be used with NRPE without issue, although I discuss why SSH is my preferred route below. Similar configuration steps could be taken on Nagios Core, however, I don’t have a running copy of Core to verify. I also included a service config file at the end of part 3 so Nagios…

Read More Read More

Configuring Quad9 on pfSense

Configuring Quad9 on pfSense

Quad9 is a DNS platform that adds several layers of security. It does this via standard DNS queries/responses.Basically, if a machine on your network queries a known bad hostname, the Quad9 DNS server responds by stating that domain does not exist (NX DOMAIN or non-existent domain). Quad9 also allows you to use DNS over TLS. If you would like a bit more info on Quad9 including some speed benchmarks against other DNS services, I would suggest an earlier article, Quad9 – First…

Read More Read More

Sending pfSense logs to the DShield project

Sending pfSense logs to the DShield project

Changelog 02June2017 – Originally posted 28Nov2017  – Updated due to script changes What is DShield and why would I send them my logs? According to the SANS Internet Storm Center (ISC), “DShield provides a platform for users of firewalls to share intrusion information. DShield is a free and open service.” While DShield is often referred to generically as a “collaborative firewall log correlation system,” for all practical purposes, it is a bit of threat intelligence well before threat intelligence was…

Read More Read More

Securing Open RDP Ports

Securing Open RDP Ports

Mr. Mackey says it best — Open RDP ports on the internet are bad… mmmmkay. When you are architecting an environment, you should avoid them like the plague. Even on an internal network, you should avoid them. Otherwise, you are just asking for problems at some point whether it is someone pounding away looking for a username/password combination or a remote vulnerability in the service. Compromised servers (via RDP) are mainstays for criminal jump points and some are even monetizing…

Read More Read More

Using pfBlockerNG (And Block Lists) On pfSense

Using pfBlockerNG (And Block Lists) On pfSense

If you are also interested in pfBlockerNG (DNSBL) for ad and malvertising blocking, I have a walk-through on it here!  –> Blocking Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL) <– In a previous post, I talked about implementing blocklists (aka IP reputation lists, ban lists, blacklists, etc.) generically on nearly any firewall to improve your security. The examples I used were on pfSense and OPNsense. I also discussed the methodology and some background as well so if you’re just coming into…

Read More Read More

Using Firewall Block Lists

Using Firewall Block Lists

Changelog 28Feb2017 – Originally posted 19Mar2017 – Added firehol_level3 section 15Feb2018 – Added outbound/LAN rule section This guide is primarily for anyone using a firewall other than pfSense. If you are using pfSense, I would strongly suggest following my guide written specifically for pfSense (and pfBlockerNG). That guide replicates/mirrors much of the work below and also adds to it.  https://www.linuxincluded.com/using-pfblockerng-on-pfsense/ IP reputation lists (aka IP blacklists, ban lists, block lists, etc.) are fairly plentiful and some are better (more IPs…

Read More Read More