{"id":203,"date":"2022-10-16T16:04:45","date_gmt":"2022-10-17T02:04:45","guid":{"rendered":"https:\/\/wroberts.me\/?p=203"},"modified":"2022-12-08T09:07:29","modified_gmt":"2022-12-08T19:07:29","slug":"configuring-pfsense-firewall","status":"publish","type":"post","link":"https:\/\/wroberts.me\/?p=203","title":{"rendered":"Configuring pfSense Firewall"},"content":{"rendered":"<div class=\"pps-series-post-details pps-series-post-details-variant-classic pps-series-post-details-865\" data-series-id=\"14\"><div class=\"pps-series-meta-content\"><div class=\"pps-series-meta-text\">This entry is part 3 of 6 in the series <a href=\"https:\/\/wroberts.me\/?series=cyber-defense-monitoring-homelab\">Cyber Defense Monitoring Homelab<\/a><\/div><\/div><\/div>\n<p class=\"wp-block-paragraph\" id=\"bkmrk-in-this-part-of-sett\">In this part of setting up our homelab, we&#8217;re going to define the firewall rules for our networks in pfSense.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"bkmrk-logging-in-to-pfsens\"><span class=\"ez-toc-section\" id=\"Logging_in_to_pfSense\"><\/span>Logging in to pfSense<span class=\"ez-toc-section-end\"><\/span><\/h2><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-transparent ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 
0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/wroberts.me\/?p=203\/#Logging_in_to_pfSense\" >Logging in to pfSense<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/wroberts.me\/?p=203\/#Initial_Setup\" >Initial Setup<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/wroberts.me\/?p=203\/#Create_New_Admin_Account\" >Create New Admin Account<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/wroberts.me\/?p=203\/#Label_Interfaces\" >Label Interfaces<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/wroberts.me\/?p=203\/#Create_Aliases\" >Create Aliases<\/a><\/li><\/ul><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/wroberts.me\/?p=203\/#Firewall_Rules\" >Firewall Rules<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/wroberts.me\/?p=203\/#WAN_Firewall_Rules\" >WAN Firewall Rules<\/a><ul 
class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/wroberts.me\/?p=203\/#WAN_Access_to_pfSense_Web_Interface\" >WAN Access to pfSense Web Interface<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/wroberts.me\/?p=203\/#WAN_to_LAN_Access\" >WAN to LAN Access<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/wroberts.me\/?p=203\/#Block_Access_to_Active_Directory_Network\" >Block Access to Active Directory Network<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/wroberts.me\/?p=203\/#LAN_Firewall_Rules\" >LAN Firewall Rules<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/wroberts.me\/?p=203\/#AD_Network_Rules\" >AD Network Rules<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/wroberts.me\/?p=203\/#Access_Default_Gateway\" >Access Default Gateway<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/wroberts.me\/?p=203\/#Allow_Routing_to_Internet_Addresses\" >Allow Routing to Internet Addresses<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/wroberts.me\/?p=203\/#Allow_Access_to_LAN\" >Allow Access to LAN<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/wroberts.me\/?p=203\/#Block_All_other_Traffic\" >Block All other Traffic<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/wroberts.me\/?p=203\/#Static_Routes\" >Static 
Routes<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-open-firefox-on-your\">Open firefox on your Kali machine and enter the IP address of the pfSense interface. Recall that this IP address is the gateway address for the LAN interface of our pfSense router, 10.0.10.1.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"141\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-46-1024x141.png\" alt=\"\" class=\"wp-image-204\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-46-1024x141.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-46-300x41.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-46-768x105.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-46.png 1223w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-alternatively%2C-you-c\">Alternatively, you can log in to pfSense from the WAN interface. In the pfSense machine, type &#8220;8&#8221; to enter the shell. 
Then enter the following command to disable the firewall (the pf packet filter):<\/p>\n\n\n\n<pre id=\"bkmrk-pfclt--d\" class=\"wp-block-code\"><code>pfctl -d<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-%C2%A0\">No firewall rules are enforced while the packet filter is disabled, so when finished configuring the firewall, remember to re-enable it with:<\/p>\n\n\n\n<pre id=\"bkmrk-pfctl--e\" class=\"wp-block-code\"><code>pfctl -e<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"480\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-49-1024x480.png\" alt=\"\" class=\"wp-image-207\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-49-1024x480.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-49-300x140.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-49-768x360.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-49.png 1247w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-to-log-in-to-pfsense\">To log in to pfSense from the WAN interface, you&#8217;ll enter the IP of vtnet0. In my case, it is 10.80.80.17. 
For this tutorial, I&#8217;m going to use the Kali machine installed on the LAN interface.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-52-1024x555.png\" alt=\"\" class=\"wp-image-210\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-52-1024x555.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-52-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-52-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-52-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-52.png 1680w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-you%27re-going-to-get-\">You&#8217;re going to get a warning because the certificate for this site is self-signed. 
Click &#8220;Accept the Risk and Continue.&#8221;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-48-1024x555.png\" alt=\"\" class=\"wp-image-206\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-48-1024x555.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-48-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-48-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-48-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-48.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-the-default-credenti\">The default credentials are &#8220;admin&#8221; for the username and &#8220;pfsense&#8221; for the password.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-47-1024x555.png\" alt=\"\" class=\"wp-image-205\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-47-1024x555.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-47-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-47-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-47-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-47.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<h4 class=\"wp-block-heading\" id=\"bkmrk-initial-setup\"><span class=\"ez-toc-section\" id=\"Initial_Setup\"><\/span>Initial Setup<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\" 
id=\"bkmrk-the-next-screen-will\">The next screen will be the wizard for the initial configuration of pfSense. Click next.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-51-1024x555.png\" alt=\"\" class=\"wp-image-209\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-51-1024x555.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-51-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-51-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-51-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-51.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-50-1024x555.png\" alt=\"\" class=\"wp-image-208\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-50-1024x555.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-50-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-50-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-50-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-50.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-i%27m-using-cloudflare\">I&#8217;m using Cloudflare&#8217;s DNS server (1.1.1.1) as my primary server and Google&#8217;s (8.8.8.8) as my backup. 
Click &#8220;Override DNS&#8221; if you want to use your home router&#8217;s DNS servers instead.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"526\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-53-1024x526.png\" alt=\"\" class=\"wp-image-211\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-53-1024x526.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-53-300x154.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-53-768x395.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-53.png 1171w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-leave-the-timeserver\">Choose your timezone.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-54-1024x555.png\" alt=\"\" class=\"wp-image-212\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-54-1024x555.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-54-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-54-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-54-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-54.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-on-step-4%2C-uncheck-t\">On step 4, uncheck the &#8220;Block private networks from entering via WAN&#8221;&nbsp; since our WAN interface is our internal home network. 
It is not the internet, and we&#8217;ll let some devices on this network communicate with this lab network. If your WAN interface faces the internet directly, leave this option checked.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-55-1024x555.png\" alt=\"\" class=\"wp-image-213\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-55-1024x555.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-55-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-55-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-55-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-55.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-step-5-should-not-ne\">Step 5 should not need any changes as it should be the same subnet from when first installing pfSense.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-57-1024x555.png\" alt=\"\" class=\"wp-image-215\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-57-1024x555.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-57-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-57-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-57-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-57.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-set-a-new-admin-pass\">Set a new admin password for step 6.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" 
decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-56-1024x555.png\" alt=\"\" class=\"wp-image-214\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-56-1024x555.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-56-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-56-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-56-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-56.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-click-reload-and-the\">Click reload and then click finish on the following screen. Accept the license agreement that pops up afterwards.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-58-1024x555.png\" alt=\"\" class=\"wp-image-216\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-58-1024x555.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-58-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-58-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-58-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-58.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-59-1024x555.png\" alt=\"\" class=\"wp-image-217\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-59-1024x555.png 1024w, 
https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-59-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-59-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-59-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-59.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<h4 class=\"wp-block-heading\" id=\"bkmrk-create-new-admin-acc\"><span class=\"ez-toc-section\" id=\"Create_New_Admin_Account\"><\/span>Create New Admin Account<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-next%2C-we%27re-going-to\">Next, we&#8217;re going to create a new admin account and disable the default one. On the top menu bar, click &#8220;System&#8221; then &#8220;User Manager.&#8221;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-60-1024x555.png\" alt=\"\" class=\"wp-image-218\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-60-1024x555.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-60-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-60-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-60-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-60.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-click-%22add%22.-enter-a\">Click &#8220;Add&#8221;. Enter a username and password. Under group membership, move admins over to the member of side. 
Click save.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-62-1024x555.png\" alt=\"\" class=\"wp-image-220\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-62-1024x555.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-62-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-62-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-62-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-62.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-61-1024x555.png\" alt=\"\" class=\"wp-image-219\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-61-1024x555.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-61-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-61-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-61-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-61.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-now%2C-we%27re-going-to-\">Now, we&#8217;re going to disable the admin account. 
Click on the pencil next to the default admin account. (Confirm first that the new account can log in, so you are not locked out of the web interface.)<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-63-1024x555.png\" alt=\"\" class=\"wp-image-221\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-63-1024x555.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-63-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-63-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-63-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-63.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-on-the-next-screen%2C-\">On the next screen, click the box to disable logins. Then save.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-64-1024x555.png\" alt=\"\" class=\"wp-image-222\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-64-1024x555.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-64-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-64-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-64-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-64.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<h4 class=\"wp-block-heading\" id=\"bkmrk-label-interfaces\"><span class=\"ez-toc-section\" id=\"Label_Interfaces\"><\/span>Label Interfaces<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-next%2C-we%27re-going-to-0\">Next, we&#8217;re going to 
label our interface. On the menu-bar, click interfaces, then LAN. Change LAN to Kali. Then click save.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"555\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-65-1024x555.png\" alt=\"\" class=\"wp-image-223\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-65-1024x555.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-65-300x163.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-65-768x416.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-65-1536x832.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-65.png 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-repeat-this-process-\">Repeat this process for the OPT1 interface.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"518\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-68-1024x518.png\" alt=\"\" class=\"wp-image-226\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-68-1024x518.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-68-300x152.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-68-768x388.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-68.png 1268w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<h4 class=\"wp-block-heading\" id=\"bkmrk-click-on-%22interfaces\"><span class=\"ez-toc-section\" id=\"Create_Aliases\"><\/span>Create Aliases<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-we%27re-going-to-creat\">We&#8217;re going to create an alias for&nbsp; RFC1918 private networks. 
This alias will be used in some firewall rules to reference the private address space in later steps.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-click-firewall%2C-then\">Click firewall, then aliases, then hit the &#8220;Add&#8221; button.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-type-in-a-descriptio\">Type in a description and IP ranges shown. Then save.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"848\" height=\"302\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-66.png\" alt=\"\" class=\"wp-image-224\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-66.png 848w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-66-300x107.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-66-768x274.png 768w\" sizes=\"auto, (max-width: 848px) 100vw, 848px\" \/><\/figure>\n<\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"561\" height=\"147\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-67.png\" alt=\"\" class=\"wp-image-225\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-67.png 561w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-67-300x79.png 300w\" sizes=\"auto, (max-width: 561px) 100vw, 561px\" \/><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\" id=\"bkmrk-firewall-rules\"><span class=\"ez-toc-section\" id=\"Firewall_Rules\"><\/span>Firewall Rules<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"bkmrk-wan-firewall-rules\"><span class=\"ez-toc-section\" id=\"WAN_Firewall_Rules\"><\/span>WAN Firewall Rules<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-we-want-the-followin\">We want the following rules for our WAN interface:<\/p>\n\n\n\n<ul class=\"wp-block-list\" 
id=\"bkmrk-allow-devices-on-the\">\n<li>Allow devices on the WAN to access the router.<\/li>\n\n\n\n<li>Allow devices on the WAN to access the Kali\/LAN network for ssh or remote desktop access.<\/li>\n\n\n\n<li>Block access from the WAN to the AD network.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-on-the-top-menu%2C-cli\">On the top menu, click &#8220;Firewall,&#8221; then &#8220;Rules.&#8221;&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"165\" height=\"233\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-69.png\" alt=\"\" class=\"wp-image-227\"\/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-make-sure-the-wan-ta\">Make sure the WAN tab is highlighted, then press &#8220;Add.&#8221;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"166\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-70-1024x166.png\" alt=\"\" class=\"wp-image-228\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-70-1024x166.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-70-300x49.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-70-768x124.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-70.png 1179w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<h4 class=\"wp-block-heading\" id=\"bkmrk-wan-access-to-pfsens\"><span class=\"ez-toc-section\" id=\"WAN_Access_to_pfSense_Web_Interface\"><\/span>WAN Access to pfSense Web Interface<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-the-first-rule-we%27re\">The first rule we&#8217;re going to add is WAN access to the router so we can log in from that network. 
Here&#8217;s the setup:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"687\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-71-1024x687.png\" alt=\"\" class=\"wp-image-229\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-71-1024x687.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-71-300x201.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-71-768x515.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-71.png 1266w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-we%27re-only-allowing-\">We&#8217;re only allowing traffic to pass to the firewall on port 443 (HTTPS), which is all we need for logging in to the web interface. Save the changes. You don&#8217;t have to apply changes until all of the firewall rules are made.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"bkmrk-wan-to-lan-access\"><span class=\"ez-toc-section\" id=\"WAN_to_LAN_Access\"><\/span>WAN to LAN Access<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-next-is-allowing-acc\">Next is allowing access from the WAN to the LAN:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"525\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-72-1024x525.png\" alt=\"\" class=\"wp-image-230\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-72-1024x525.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-72-300x154.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-72-768x394.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-72.png 1276w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<h4 class=\"wp-block-heading\" 
id=\"bkmrk-block-access-to-acti\"><span class=\"ez-toc-section\" id=\"Block_Access_to_Active_Directory_Network\"><\/span>Block Access to Active Directory Network<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-block-all-access-to-\">Block all access to the Active Directory (AD) network. Note the action is Block:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"541\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-73-1024x541.png\" alt=\"\" class=\"wp-image-231\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-73-1024x541.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-73-300x159.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-73-768x406.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-73.png 1273w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-the-end-state-should\">The end state should look like this:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"264\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-74-1024x264.png\" alt=\"\" class=\"wp-image-232\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-74-1024x264.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-74-300x77.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-74-768x198.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-74.png 1235w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\" id=\"bkmrk-lan-firewall-rules\"><span class=\"ez-toc-section\" id=\"LAN_Firewall_Rules\"><\/span>LAN Firewall Rules<span 
class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-no-changes-are-need-\">No changes are needed for the LAN interface. We want this network to be able to communicate with all of the other networks for now.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"228\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-75-1024x228.png\" alt=\"\" class=\"wp-image-233\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-75-1024x228.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-75-300x67.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-75-768x171.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-75.png 1195w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\" id=\"bkmrk-ad-network-rules\"><span class=\"ez-toc-section\" id=\"AD_Network_Rules\"><\/span>AD Network Rules<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-navigate-to-the-ad_n\">Navigate to the AD_Network interface. 
For our Active Directory Network, we want the following rules:<\/p>\n\n\n\n<ul class=\"wp-block-list\" id=\"bkmrk-access-to-the-defaul\">\n<li>Access to the default gateway for internet access<\/li>\n\n\n\n<li>Allow traffic to internet addresses<\/li>\n\n\n\n<li>Allow packets to the Kali machine<\/li>\n\n\n\n<li>Block all other traffic<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"bkmrk-access-default-gatew\"><span class=\"ez-toc-section\" id=\"Access_Default_Gateway\"><\/span>Access Default Gateway<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"547\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-76-1024x547.png\" alt=\"\" class=\"wp-image-234\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-76-1024x547.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-76-300x160.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-76-768x410.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-76.png 1247w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<h4 class=\"wp-block-heading\" id=\"bkmrk-allow-routing-to-int\"><span class=\"ez-toc-section\" id=\"Allow_Routing_to_Internet_Addresses\"><\/span>Allow Routing to Internet Addresses<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-remember-to-check-th\">Remember to check the &#8220;Invert match&#8221; box for the destination. 
For the destination address, the RFC1918 alias should come up as an autofill option once you start typing.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"520\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-77-1024x520.png\" alt=\"\" class=\"wp-image-235\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-77-1024x520.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-77-300x152.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-77-768x390.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-77.png 1315w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<h4 class=\"wp-block-heading\" id=\"bkmrk-allow-access-to-lan\"><span class=\"ez-toc-section\" id=\"Allow_Access_to_LAN\"><\/span>Allow Access to LAN<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"565\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-78-1024x565.png\" alt=\"\" class=\"wp-image-236\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-78-1024x565.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-78-300x166.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-78-768x424.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-78.png 1217w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<h4 class=\"wp-block-heading\" id=\"bkmrk-block-all-other-traf\"><span class=\"ez-toc-section\" id=\"Block_All_other_Traffic\"><\/span>Block All other Traffic<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" 
height=\"562\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-80-1024x562.png\" alt=\"\" class=\"wp-image-238\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-80-1024x562.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-80-300x165.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-80-768x421.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-80.png 1245w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-next%2C-we-need-to-con\">Our firewall rules are now done.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"bkmrk-static-routes\"><span class=\"ez-toc-section\" id=\"Static_Routes\"><\/span>Static Routes<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-with-the-current-set\">With the current setup, a device on the WAN should be able to communicate with any machines on the LAN interface.&nbsp; If not, a static route needs to be configured on your home router. You&#8217;ll need to specify the interface assigned to pfSense on the WAN and specify the destination as the gateway on the LAN. 
Here&#8217;s what that looks like for my router:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"156\" src=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-79-1024x156.png\" alt=\"\" class=\"wp-image-237\" srcset=\"https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-79-1024x156.png 1024w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-79-300x46.png 300w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-79-768x117.png 768w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-79-1536x234.png 1536w, https:\/\/wroberts.me\/wp-content\/uploads\/2022\/11\/image-79.png 1692w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-%C2%A0-0\">&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\" id=\"bkmrk-and-with-that%2C-our-f\">And with that, our firewall configuration is done. Now that we have the flow of traffic controlled between our networks, it&#8217;s time to set up the Active Directory network. After that, we&#8217;ll set up our monitoring systems to simulate alerting us of any suspicious activity on the network. Until next time.<\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"pps-series-post-details pps-series-post-details-variant-classic pps-series-post-details-865 pps-series-meta-excerpt\" data-series-id=\"14\"><div class=\"pps-series-meta-content\"><div class=\"pps-series-meta-text\">This entry is part 3 of 6 in the series <a href=\"https:\/\/wroberts.me\/?series=cyber-defense-monitoring-homelab\">Cyber Defense Monitoring Homelab<\/a><\/div><\/div><\/div><p>In this part of setting up our homelab, we&#8217;re going to define the firewall rules for our networks in pfSense. Logging in to pfSense Open firefox on your Kali machine and enter the IP address of the pfSense interface. 
Recall that this IP address is the gateway address for the LAN interface of our pfSense &#8230; <a href=\"https:\/\/wroberts.me\/?p=203\" class=\"more-link\">Read More<span class=\"screen-reader-text\"> &#8220;Configuring pfSense Firewall&#8221;<\/span> &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":671,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"series":[14],"class_list":["post-203","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-home-lab","series-cyber-defense-monitoring-homelab"],"_links":{"self":[{"href":"https:\/\/wroberts.me\/index.php?rest_route=\/wp\/v2\/posts\/203","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wroberts.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wroberts.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wroberts.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wroberts.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=203"}],"version-history":[{"count":6,"href":"https:\/\/wroberts.me\/index.php?rest_route=\/wp\/v2\/posts\/203\/revisions"}],"predecessor-version":[{"id":845,"href":"https:\/\/wroberts.me\/index.php?rest_route=\/wp\/v2\/posts\/203\/revisions\/845"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wroberts.me\/index.php?rest_route=\/wp\/v2\/media\/671"}],"wp:attachment":[{"href":"https:\/\/wroberts.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wroberts.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wroberts.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=203"},{"taxonomy":"series","embeddable":true,"href":"https:\/\/wroberts.me\/index.php?rest_route=%2Fwp%2F
v2%2Fseries&post=203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}