S - W Based Firewall Integration and More

Uploaded by

iamishaq2004
Ishaq Ahmad Team Theta

Documentation of Task 02

Contents
Downloading s/w based firewall pfSense
Creating VMNet (Virtual Network Interface)
Blocking Specific Countries’ Traffic
Configure and create rule on firewall
Create Rules to Restrict Specific Websites
Administrator Privileges Rules
Downloading s/w based firewall pfSense
➢ Search Google for pfSense and click on the first link

➢ Click on Download
➢ Select image

➢ Add to cart > Check out > Log in/Sign up > Start Download.
➢ Open VMware

➢ New Virtual Machine (Ctrl+N)


➢ Custom (Advanced) & Next
➢ Select 17.0X or later & Install disc image (select the pfSense ISO)
➢ Give a suitable name and click Next

➢ Processor (1,1)
➢ Choose RAM 2GB → 2048MB

➢ Choose Bridge Network Adapter


➢ LSI Logic

➢ SCSI
➢ Create New Virtual Disk

➢ Give at least 20 GB and store as a single image

➢ Next and Finish


➢ Power off the machine for now
Creating VMNet (Virtual Network Interface)

➢ Create VMNet
➢ Edit > Virtual Network Editor > Change Settings
➢ Add Network > Select an available option, in my case VM10
➢ Disable DHCP

➢ Enter 192.168.10.0 and click Apply


➢ Edit Virtual Machine Settings > Select Custom VMNet11
➢ Add adapter > Custom > VMNet11
➢ Power ON
➢ Accept Install

➢ Auto UFS
➢ Partitions > Select MBR

➢ 20 GB and commit
➢ Reboot
➢ Set interface IP (2)

➢ LAN (2)
➢ No(n)

➢ 192.168.10.10
➢ Mask 24

➢ Enable HTTP as web > y


➢ >n >n >n
➢ Restart
➢ Open browser (http://192.168.10.10)

➢ Username: admin
➢ Password: pfsense
➢ Welcome to PfSense

➢ Next
➢ Enter the primary and secondary DNS servers

➢ Update the time zone

➢ L
➢ Determine your Wazuh IP first.

Enable Remote Logging in pfSense


➢ Save.
➢ Now go to the Wazuh dashboard.

➢ Edit the configuration.
➢ Add this configuration.

➢ Now the decoder

➢ Add this configuration.


➢ Now go to Rules.

➢ Add this configuration.

➢ Save and restart.

Blocking Specific Countries’ Traffic

Configure and create rule on firewall

a. Block traffic from specific countries (for example China, Russia, etc.)


1. Install the pfBlockerNG package: go to System / Package Manager / Available
Packages and search for pfBlockerNG; this is for blocking GeoIP addresses.
2. Go to Firewall, click on pfBlockerNG and configure pfBlockerNG.

3. Open pfBlockerNG and go to General to enable pfBlockerNG.


4. IP configuration and MaxMind license key and ID: first enable De-Duplication,
then open a browser, go to the MaxMind website, sign in and generate a license key
and ID.
5. Update pfBlockerNG; updating takes some time.

6. Open pfBlockerNG, go to IP and select GeoIP to block countries. Edit whichever
ones you want to block; I want to block India, Afghanistan and Finland. Select
them, set List Action to Deny Both (inbound, outbound), for Enabling Logging
select Disable, then save and update.

7.
8. Create firewall Alias and rules for blocking.

Add Firewall Rules in WAN


9. Test in Home Lab
Check the logs to see whether the countries are blocked: go to Status, select
syslog / Firewall, and check whether the firewall rules were created (see the
screenshot below):

Also check in the Wazuh manager that the logs forwarded from pfSense arrive for
analysis (see the screenshot below):
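
One way to run the step 9 check without reading the log view by eye, as an added example that is not part of the original document: a small parser for pfSense `filterlog` syslog lines that counts blocked inbound packets per source address. The interface name `em0`, the tracker ids and the `203.0.113.7` test source are constructed sample values.

```python
import re
from collections import Counter

# Syslog prefix up to "filterlog[pid]:", then the comma-separated payload.
_LINE = re.compile(r"filterlog(?:\[\d+\])?:\s*(?P<csv>.+)$")
# Index of (protocol name, source IP) for IPv4 and IPv6 records.
_OFFSETS = {"4": (16, 18), "6": (12, 15)}

def parse_filterlog(line):
    """Parse one pfSense filterlog syslog line; return None if it is not one."""
    m = _LINE.search(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    if len(f) < 9 or f[8] not in _OFFSETS:
        return None
    proto_i, src_i = _OFFSETS[f[8]]
    if len(f) < src_i + 2:
        return None
    rec = {"tracker": f[3], "iface": f[4], "action": f[6], "direction": f[7],
           "proto": f[proto_i], "src": f[src_i], "dst": f[src_i + 1]}
    # TCP and UDP records carry source and destination ports after the addresses.
    if rec["proto"] in ("tcp", "udp") and len(f) >= src_i + 4:
        rec["sport"], rec["dport"] = int(f[src_i + 2]), int(f[src_i + 3])
    return rec

def blocked_inbound(lines, iface):
    """Count blocked inbound packets per source address on one interface."""
    hits = Counter()
    for line in lines:
        r = parse_filterlog(line)
        if r and (r["iface"], r["action"], r["direction"]) == (iface, "block", "in"):
            hits[r["src"]] += 1
    return hits

# Constructed sample lines; the interface name em0, tracker ids and the
# 203.0.113.7 test source are assumptions, not values from the page.
SAMPLE = [
    "Mar  3 10:15:42 pfSense filterlog[12345]: 4,,,1000000103,em0,match,block,in,4,"
    "0x0,,64,12345,0,DF,6,tcp,60,203.0.113.7,192.168.10.10,51514,443,0,S,1,,64240,,mss",
    "Mar  3 10:15:43 pfSense filterlog[12345]: 4,,,1000000103,em0,match,block,in,4,"
    "0x0,,64,2222,0,none,17,udp,76,203.0.113.7,192.168.10.10,40000,53,56",
    "Mar  3 10:15:44 pfSense filterlog[12345]: 7,,,1700000001,em0,match,pass,in,4,"
    "0x0,,64,3333,0,DF,6,tcp,60,192.168.100.20,192.168.100.30,50000,443,0,S,1,,64240,,mss",
    "Mar  3 10:15:45 pfSense syslogd: kernel boot file is /boot/kernel/kernel",
]

if __name__ == "__main__":
    for src, count in blocked_inbound(SAMPLE, "em0").items():
        print(f"{src}: {count} blocked inbound packets")
```
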
Create Rules to Restrict Specific Websites
1. Install the Squid and SquidGuard packages
Go to System > Package Manager > Available Packages (see the screenshot below):

2. Configure Squid Proxy: go to Services > Squid Proxy Server and enable Squid
Proxy.
3. Configure SquidGuard: go to Services > SquidGuard Proxy Filter > General,
then check Enable SquidGuard.
4. Add Blacklist: go to Common ACL and add a Target Rules List to block
restricted sites. I have blocked Facebook and TikTok on my site:

5. Create custom Wazuh rules for SquidGuard. On the Wazuh manager, create a
new decoder first:
On the Wazuh manager, create new rules for SquidGuard:
6. Output of the following rules; also check the logs in pfSense and Wazuh:
Administrator Privileges Rules
Configure Admin Access Rule:
Go to Firewall and create rules on WAN:

Source: specific IP for admin (192.168.100.20)


Destination: IP address (192.168.100.30), port 80, 443 or 22 for the web GUI
Add rules to block all other access

Source: any; destination port 80, 443, 22
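
pfSense evaluates the rules on an interface from the top down and the first match wins, so the admin pass rule has to sit above the block rule. The following added example (not part of the original document) models the two rules above, evaluates sample connections against them, and reports rules that an earlier rule makes unreachable; treating the block rule's destination as "any" is an assumption.

```python
from ipaddress import ip_address, ip_network

ADMIN_PORTS = frozenset({80, 443, 22})
# The two WAN rules from the page; "any" destination on the block rule is an assumption.
RULES = [
    {"action": "pass", "src": "192.168.100.20/32", "dst": "192.168.100.30/32",
     "ports": ADMIN_PORTS},
    {"action": "block", "src": "0.0.0.0/0", "dst": "0.0.0.0/0",
     "ports": ADMIN_PORTS},
]

def evaluate(rules, src, dst, dport):
    """Return (action, rule index) of the first matching rule, top-down."""
    for i, r in enumerate(rules):
        if (ip_address(src) in ip_network(r["src"])
                and ip_address(dst) in ip_network(r["dst"])
                and dport in r["ports"]):
            return r["action"], i
    return "block", None  # nothing matched: default deny

def shadowed(rules):
    """List (later, earlier) index pairs where the earlier rule covers every
    packet the later one could match, with a different action."""
    pairs = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if (earlier["action"] != later["action"]
                    and ip_network(later["src"]).subnet_of(ip_network(earlier["src"]))
                    and ip_network(later["dst"]).subnet_of(ip_network(earlier["dst"]))
                    and later["ports"] <= earlier["ports"]):
                pairs.append((j, i))
    return pairs

if __name__ == "__main__":
    # Admin host reaches the web GUI; any other source is blocked.
    print(evaluate(RULES, "192.168.100.20", "192.168.100.30", 443))
    print(evaluate(RULES, "192.168.100.50", "192.168.100.30", 22))
    # With the order reversed, the pass rule can never match.
    print(shadowed(RULES[::-1]))
```
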

Test in Home Lab:


Check pfSense logs:

Check in Wazuh Events

End of Task 02
