PfSense

about

building an open-source firewall-router

• https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Kompendium_Einzel_PDFs_2021/09_NET_Netze_und_Kommunikation/NET_3_2_Firewall_Edition_2021.html
• https://de.wikipedia.org/wiki/PfSense
• https://de.wikipedia.org/wiki/OPNsense
• https://www.admin-magazin.de/Das-Heft/2016/12/Freie-Firewall-OPNSense

whishlist

DSL is extremly slow, improve performance

• WAN load-balancing DSL <> LTE
• cache Windows updates (squid)
• filter
  • malware
  • ads
• isolated public wifi hotspot (VLan)
• isolated CCTV servers (VLan)
  • allow outside > in (routing)
• ...

hardware

• https://shop.tronico.net/Embedded-Computer/PC-Engines/APU-Mainboards/APU-4D4-system-board.html
• https://shop.tronico.net/Embedded-Computer/PC-Engines/Gehaeuse/Gehaeuse-fuer-APU4x4.html?force_sid=9c6oet13oep8rrl80b8ne9k4lh
• https://shop.tronico.net/Speicherkarten-SSD/mSATA/Transcend-mSATA-SSD-32GB.html?force_sid=9c6oet13oep8rrl80b8ne9k4lh

installation

• https://www.computing-competence.de/2018/03/30/installation-von-pfsense-auf-einem-apu-embedded-board-apu-2c4/

prerequisite

• serial-cable / female<>female (null-modem)
• https://de.wikipedia.org/wiki/RS-232#Verkabelung_und_Stecker
  • RX-TX (Pin2/Pin3) crossed
  • GND <> GND
• putty
  • speed 115200
• pfSense-CE-memstick-serial-2.4.5-RELEASE-p1-amd64.img

config

• set LAN Interface 192.168.1.4
• IPv4 Upstream gateway 192.168.1.1
• System > General Setup > DNS Servers 8.8.8.8

configuration

pfBlockerNG

• https://www.computing-competence.de/2018/06/11/mit-pfsense-werbung-und-potentielle-angriffe-blockieren-ala-pihole/

squid

• https://www.taste-of-it.de/pfsense-squid-als-transparenter-proxy-mit-antivirus-funktion-fuer-http/ (http)
  • Local Cache > Dynamic and Update Content > ?geeignete Refresh Patterns?
• https://turbofuture.com/internet/Intercepting-HTTPS-Traffic-Using-the-Squid-Proxy-in-pfSense (https)
  •  ?klappt nicht?