The core functionality of any firewall involves creating port forward and firewall security rules, and pfSense is no different. These core features, plus others, can all be found on the main Firewall menu of the pfSense web interface.
This article explains how to configure these rules and the features associated with them. Once you’ve done a few, you’ll realize just how easy it is with pfSense.
This recipe describes how to use, create, edit, and delete aliases. Aliases provide a degree of separation between our rules and values that may change in the future (for example, IP addresses, ports, and so on). It’s best to use aliases whenever possible.
An alias is a placeholder (that is, a variable) for information that may change. A host alias is a good example; we can create a host alias called Computer1 and have it store an IP address of 192.168.1.200.
We can then create firewall and NAT rules that use the Computer1 alias instead of explicitly specifying the IP address of Computer1, which may change. If the IP address of Computer1 does change, then we simply edit the alias instead of modifying numerous rules.
Aliases allow for the flexibility and simplification of future changes. It’s best to use aliases whenever possible.
Adding aliases within aliases is a great way to manage and simplify rules. To illustrate the power of aliases, let’s say our organization has a single VoIP phone that must be allowed to communicate with our VoIP server.
An example of this rule without aliases is as follows:
A better example, using aliases, is as follows:
An even better example, using sub-aliases, is:
Sub-aliases will allow us to easily add more phones by simply modifying an alias:
Selecting Host(s) as an alias Type allows you to create an alias that holds one or more IP addresses:
Selecting Network(s) as an alias Type allows you to create an alias that holds one or more networks (that is, ranges of IP addresses):
Selecting Port(s) as an alias Type allows you to create an alias that holds one or more ports:
Selecting OpenVPN Users as an alias Type allows you to create an alias that holds one or more OpenVPN usernames:
Selecting URL as an alias Type allows you to create an alias that holds one or more URLs:
Selecting URL Table as an alias Type allows you to create an alias that holds a single URL pointing to a large list of addresses. This can be especially helpful when you need to import a large list of IPs and/or subnets.
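A large list is worth vetting before it becomes an alias, because every rule that references the alias inherits whatever the list contains. The following is an added example, not code from the article or from pfSense: it checks a list for malformed entries, subnets written with host bits set, and overly broad prefixes, then merges duplicates and overlapping ranges. The list format (one address or subnet per line, `#` comments), the sample entries, and the `MIN_PREFIX` policy are assumptions.

```python
import ipaddress

# Constructed sample list (not from the article). Assumed format: one address
# or CIDR subnet per line, with '#' starting a comment.
SAMPLE_LIST = """\
# constructed sample feed
192.0.2.10
192.0.2.0/24
198.51.100.7/24
203.0.113.0/25
203.0.113.128/25
0.0.0.0/0
2001:db8::/32
not-an-address
192.0.2.10
"""
MIN_PREFIX = {4: 8, 6: 16}  # hypothetical policy: reject anything broader


def vet_alias_list(text, min_prefix=MIN_PREFIX):
    """Return (networks, problems) for a bulk-import or URL Table list."""
    nets, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            problems.append((lineno, entry, "not an IP address or subnet"))
            continue
        net = iface.network
        if iface.ip != net.network_address:
            # e.g. 198.51.100.7/24: host or subnet? Ask instead of guessing.
            problems.append((lineno, entry, f"host bits set, network is {net}"))
        elif net.prefixlen < min_prefix[net.version]:
            problems.append((lineno, entry, "prefix too broad for an alias"))
        else:
            nets.append(net)
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        same = [n for n in nets if n.version == version]
        merged += ipaddress.collapse_addresses(same)  # dedupe and merge
    return merged, problems


if __name__ == "__main__":
    networks, problems = vet_alias_list(SAMPLE_LIST)
    print(*networks, *problems, sep="\n")
```

Rejected entries are reported with their line number rather than silently corrected, so the list owner can confirm what was intended before the alias is used in a rule.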
Aliases can be used anywhere you see a red textbox. Simply begin typing and pfSense will display any available aliases that match the text you’ve entered:
Alias auto-complete is context aware. For example, if the textbox requires a port number then pfSense will only display port alias matches.
To modify an existing alias, follow these steps:
To remove an existing alias, follow these steps:
To import a list of multiple IP addresses, follow these steps: