Browsed by
Tag: firewall rules

pfsense logo
SSHGuard settings on pfSense

SSHGuard settings on pfSense

Comments 3 comments

Something that always annoyed me when performing a vulnerability scan on a pfSense system was the alerts it triggered. Basically, the vulnerability scanner would attempt to bruteforce SSH logins, which would trigger the sshguard protections, placing the IP address in the sshguard table (Diagnostics -> Tables), producing 100’s of firewall block messages, etc. Dec 3 16:22:37 – Int: em0 Type: block Prot: tcp Src: 192.168.1.8:38553 Dest: 192.168.1.1:22 Tracker: 1000000301 – block drop in log quick proto tcp from <sshguard:1> to…

Read More Read More

Morpheus - traffic was normal
Mysterious outbound UDP traffic on port 8888… Help!

Mysterious outbound UDP traffic on port 8888… Help!

Comments 10 comments

What is this traffic on port 8888? Or a device is infected and trying to communicate over port 8888 to IP addresses all over the world?!?! I’ve seen forum posts with similar titles a handful of times now and the final result is often someone discovering the Private Internet Access (PIA) client on a device or computer. I get a chuckle every time I see it because I was once in their shoes so I figured I would make a…

Read More Read More

Redirect outgoing NTP traffic to an internal NTP server

Redirect outgoing NTP traffic to an internal NTP server

Comments 8 comments

Tired of seeing outbound NTP blocks in your firewall logs because you restrict outgoing traffic? Or maybe you are receiving alerts because some device uses NTP pool resources (such as pool.ntp.org) and one of those IP addresses has ended up on a blacklist, blocklist, threat intelligence feed, etc? Either way, few things in the life of an IT or security professional are as frustrating as false positives. This write-up will help you change that with a little NAT magic, aka…

Read More Read More

Using pfBlockerNG (And Block Lists) On pfSense

Using pfBlockerNG (And Block Lists) On pfSense

Comments 32 comments

If you are also interested in pfBlockerNG (DNSBL) for ad and malvertising blocking, I have a walk-through on it here!  –> Blocking Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL) <– In a previous post, I talked about implementing blocklists (aka IP reputation lists, ban lists, blacklists, etc.) generically on nearly any firewall to improve your security. The examples I used were on pfSense and OPNsense. I also discussed the methodology and some background as well so if you’re just coming into…

Read More Read More

Using Firewall Block Lists

Using Firewall Block Lists

Comments 6 comments

Changelog 28Feb2017 – Originally posted 19Mar2017 – Added firehol_level3 section 15Feb2018 – Added outbound/LAN rule section This guide is primarily for anyone using a firewall other than pfSense. If you are using pfSense, I would strongly suggest following my guide written specifically for pfSense (and pfBlockerNG). That guide replicates/mirrors much of the work below and also adds to it.  https://linuxincluded.com/using-pfblockerng-on-pfsense/ IP reputation lists (aka IP blacklists, ban lists, block lists, etc.) are fairly plentiful and some are better (more IPs…

Read More Read More