FINALLY set up a pfsense box! Any recommendations for settings other than default?

Discussion in 'Networking & Security' started by IceDigger, Jun 9, 2018.

  1. IceDigger

    FINALLY set up a pfsense box! Any recommendations for settings other than default for a newbie?

    Box specs...
    Intel C2D 8500, 4GB DDR3 RAM, 120GB Junk SSD Drive, 2x Intel Gigabit PCIE NICs
     
  2. Farva

    I would say pfblocker, but on 2.4.3, it is a resource hog.
     
  3. ChRoNo16

    I wouldn't do a whole lot more than that. You can add a few things; I typically add a spam filter of sorts or an ad blocker to help keep some of the nasty at bay. Other than that, I generally don't install a lot of services.
     
  4. IceDigger

    Just enabled that and the ram usage went up 4% :D
     
  5. Farva

    Now start blocking IPs by country and create these block lists:

    Ad Blocking
    http://someonewhocares.org/hosts/hosts
    http://someonewhocares.org/hosts/zero/
    https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt
    https://adaway.org/hosts.txt
    https://hosts-file.net/fsa.txt
    http://sysctl.org/cameleon/hosts
    https://osint.bambenekconsulting.com/feeds/dga-feed.gz
    https://hosts-file.net/download/hosts.zip
    http://www.hostsfile.org/Downloads/hosts.txt
    https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext
    https://jasonhill.co.uk/pfsense/ytadblock.txt
    https://jasonhill.co.uk/pfsense/blocklists.txt
    https://jasonhill.co.uk/pfsense/ad_servers_dnsbl.txt
    https://gist.githubusercontent.com/...189347e35c0070a9e4de76fde2adb271/liste_fr.txt
    https://gist.githubusercontent.com/...90eb2ac8bdc01af3008d728b7c0f10dc7b2506b4/MS-3
    https://gist.githubusercontent.com/...b344ebc9475acdea1fae38a12c4ea9332838a184/MS-1
    http://winhelp2002.mvps.org/hosts.txt
    http://adblock.gjtech.net/?format=unix-hosts
    https://jansal.googlecode.com/svn/trunk/adblock/hosts
    http://optimate.dl.sourceforge.net/project/adzhosts/HOSTS.txt
    https://github.com/StevenBlack/hosts/raw/master/hosts
    https://github.com/yous/YousList/raw/master/hosts.txt


    Alien Vault
    https://reputation.alienvault.com/reputation.generic

    Autofill blocking
    https://gist.githubusercontent.com/...f0996cf5248657ada2adb396f3636be8716b99eb/MS-4

    blocklist.de
    https://www.blocklist.de/downloads/export-ips_all.txt
    https://www.blocklist.de/downloads/export-ips_apache.txt
    https://www.blocklist.de/downloads/export-ips_courierimap.txt
    https://www.blocklist.de/downloads/export-ips_courierpop3.txt
    https://www.blocklist.de/downloads/export-ips_imap.txt
    https://www.blocklist.de/downloads/export-ips_pop3.txt
    https://www.blocklist.de/downloads/export-ips_postfix.txt
    https://www.blocklist.de/downloads/export-ips_proftpd.txt
    https://www.blocklist.de/downloads/export-ips_ssh.txt
    https://www.blocklist.de/downloads/dnsbl/all.list
    https://www.blocklist.de/downloads/dnsbl/allinone.list

    Disconnect.me
    https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
    https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
    https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt

    Dshield
    https://feeds.dshield.org/top10-2.txt
    https://feeds.dshield.org/block.txt
    https://secure.dshield.org/feeds/suspiciousdomains_Low.txt
    https://dshield.org/feeds/suspiciousdomains_Medium.txt
    https://dshield.org/feeds/suspiciousdomains_High.txt


    Emerging Threats
    https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
    https://rules.emergingthreats.net/blockrules/compromised-ips.txt
    http://www.ciarmy.com/list/ci-badguys.txt

    FireHOL
    *https://iplists.firehol.org/
    https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
    https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset
    https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset
    https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset

    Malware
    https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
    https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/porn/hosts
    https://mirror1.malwaredomains.com/files/justdomains
    https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
    https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
    https://ransomwaretracker.abuse.ch/downloads/LY_PS_IPBL.txt
    https://ransomwaretracker.abuse.ch/downloads/TL_C2_IPBL.txt
    https://ransomwaretracker.abuse.ch/downloads/RW_URLBL.txt
    https://isc.sans.edu/feeds/suspiciousdomains_Low.txt
    https://mirror1.malwaredomains.com/files/immortal_domains.txt
    https://mirror1.malwaredomains.com/files/domains.txt
    http://www.malwaredomainlist.com/hostslist/ip.txt
    http://www.malwaredomainlist.com/mdlcsv.php
    http://www.malwaredomainlist.com/updatescsv.php
    http://www.malwaredomainlist.com/hostslist/mdl.xml
    http://www.malwaredomainlist.com/hostslist/zeus.xml
    http://www.malwaredomainlist.com/zeuscsv.php
    http://www.malwaredomainlist.com/hostslist/hosts.txt
    http://www.malwaredomainlist.com/hostslist/yesterday.php
    http://www.malwaredomainlist.com/hostslist/yesterday_urls.php
    http://www.malwaredomainlist.com/hostslist/spyeye.xml
    http://hosts-file.malwareteks.com/HOSTS-NOPHAFSA-Optimized.txt
    http://www.networksec.org/grabbho/block.txt
    https://malc0de.com/bl/BOOT
    https://malc0de.com/bl/IP_Blacklist.txt
    https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt
    http://osint.bambenekconsulting.com/feeds/dga-feed.gz
    http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt
    http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt
    http://tracker.h3x.eu/
    http://tracker.h3x.eu/about/400
    https://feodotracker.abuse.ch/blocklist/?download=ipblocklist
    https://sslbl.abuse.ch/blacklist/sslipblacklist.csv
    https://sslbl.abuse.ch/blacklist/dyre_sslipblacklist.csv
    https://www.abuseat.org/iotcc.txt
    http://danger.rulez.sk/projects/bruteforceblocker/blist.php
    https://palevotracker.abuse.ch/blocklists.php?download=ipblocklist
    https://pfblockerlists.smallbusinesstech.net/hackerlist.txt

    No Coin
    https://raw.githubusercontent.com/ZeroDot1/CoinBlockerLists/master/hosts_browser
    https://raw.githubusercontent.com/Hestat/minerchk/master/minerlist-all.txt
    https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt

    Phishing
    https://www.openphish.com/feed.txt
    http://data.phishtank.com/data/online-valid.csv

    Sentinel IPS
    http://cinsscore.com/list/ci-badguys.txt

    Snort
    https://labs.snort.org/feeds/ip-filter.blf

    Spamhaus
    https://www.spamhaus.org/drop/drop.txt
    https://www.spamhaus.org/drop/edrop.txt
    https://www.spamhaus.org/drop/dropv6.txt

    Squid Black List
    http://www.squidblacklist.org/downloads/drop.malicious.rsc
    http://www.squidblacklist.org/downloads/sbl-tornodes.rsc
    http://www.squidblacklist.org/downloads/tik-dns-ads.rsc
    http://joshaven.com/malc0de.rsc
    http://joshaven.com/openbl.rsc

    Talos
    http://talosintel.com/feeds/ip-filter.blf

    TOR
    https://www.dan.me.uk/torlist/
    https://panwdbl.appspot.com/lists/ettor.txt

    uBlock Origin
    https://raw.githubusercontent.com/I...k-Filters-Plus/master/uBlock-Filters-Plus.txt

    Windows Lies
    https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hostslist
    http://jasonhill.co.uk/pfsense/microsoft_domains.txt

    Youtube ads
    https://jasonhill.co.uk/pfsense/ytadblock.txt

    Zeus Tracker
    *https://zeustracker.abuse.ch/blocklist.php
    https://zeustracker.abuse.ch/blocklist.php?download=badips
    https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist
    https://zeustracker.abuse.ch/blocklist.php?download=baddomains
    https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
    https://zeustracker.abuse.ch/blocklist.php?download=compromised
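
Added example, not part of the thread: the feeds listed above mix domain lists and IP lists and overlap with each other (some URLs appear under more than one heading), so it helps to normalize and de-duplicate them before loading. This sketch assumes hosts-style and DROP/netset-style line formats, runs on constructed sample lines, and holds back any IP entry that overlaps RFC 1918 space so a feed cannot block the LAN side; all function names are illustrative.

```python
import ipaddress
import re

# Constructed sample lines in hosts style and DROP/netset style (not real feed data).
HOSTS_FEED = """# hosts-style list
127.0.0.1 localhost
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net  # inline comment
0.0.0.0 ADS.example.com
"""
IP_FEED = """; DROP-style list
192.0.2.0/24 ; SBL000000
192.0.2.128/25
198.51.100.7
10.0.0.0/8
not-an-ip
"""
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$")
PROTECTED = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")  # assumed LAN ranges

def strip_comment(line):
    """Drop '#' or ';' comments and surrounding whitespace."""
    return re.split(r"[#;]", line, maxsplit=1)[0].strip()

def parse_hosts(text):
    """Return unique lowercase domains from hosts-format or one-domain-per-line feeds."""
    domains = set()
    for line in text.splitlines():
        fields = strip_comment(line).lower().split()
        if not fields:
            continue
        name = fields[1] if len(fields) > 1 else fields[0]
        if name not in LOCAL_NAMES and DOMAIN_RE.match(name):
            domains.add(name)
    return domains

def parse_ips(text, protected=PROTECTED):
    """Return (collapsed networks, entries held back for overlapping protected ranges)."""
    keep = [ipaddress.ip_network(p) for p in protected]
    nets, skipped = [], []
    for line in text.splitlines():
        token = strip_comment(line).split()
        try:
            net = ipaddress.ip_network(token[0], strict=False)
        except (IndexError, ValueError):
            continue  # blank line, comment, or not an address
        hit = any(net.version == k.version and net.overlaps(k) for k in keep)
        (skipped if hit else nets).append(net)
    out = [c for v in (4, 6) for c in ipaddress.collapse_addresses(n for n in nets if n.version == v)]
    return out, skipped
```

Review the held-back entries by hand before loading a list, since a bogon-style feed applied to a LAN-facing interface would otherwise match internal addresses.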