- Setting up pfSense and it doesn’t boot? Hit Escape to load the pre-exec environment (OK prompt), then:
set kern.vty=sc
boot
Be sure to add the kern.vty setting to /boot/loader.conf for permanence!
It sets the terminal to the system console.
- Interfaces – WAN – turn off “prevent access from RFC 1918”; save; then Firewall > WAN > allow access from your trusted subnet. This lets you configure pfSense from your current network through the WAN interface, instead of setting up a LAN connection.
- Change Admin PW, duh!
- Packages! pfBlockerNG. Snort.
- Port Knocking? Susceptible to replay attacks, but newer encrypted versions are available. I still like it though 🙂
- DNS Capture? Oh yeah. https://blog.flippedbits.io/2020/07/wrangling-dns-on-your-network-part-2-forcing-pfsense-dns/
- (Part 3 talks about setup for pfBlockerNG)
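
The replay weakness noted for port knocking above, as an added example (not from the original post and not any specific tool's protocol): a static sequence accepts a recorded knock again, while a sequence derived from an HMAC over a time window and accepted once per window does not. The ports, secret and window length are constructed for illustration.

```python
import hashlib
import hmac
import struct

STATIC_SEQ = [7000, 8000, 9000]        # constructed static knock sequence
SECRET = b"constructed-demo-secret"    # constructed shared key
WINDOW = 30                            # seconds a derived sequence stays valid


def static_check(knocks):
    """Classic port knocking: a fixed sequence opens the port, every time."""
    return knocks == STATIC_SEQ


def derive_seq(secret, counter, n=3, lo=20000, hi=60000):
    """Derive n knock ports from HMAC-SHA256(secret, time-window counter)."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    return [lo + int.from_bytes(digest[2 * i:2 * i + 2], "big") % (hi - lo)
            for i in range(n)]


class RollingKnockVerifier:
    """Accepts only the current window's sequence, and only once."""

    def __init__(self, secret):
        self.secret = secret
        self.last_used = -1   # highest window counter already accepted

    def check(self, knocks, now):
        counter = int(now) // WINDOW
        if counter <= self.last_used:
            return False      # replay inside an already-used window
        if knocks != derive_seq(self.secret, counter):
            return False      # stale or wrong sequence
        self.last_used = counter
        return True


def demo():
    captured = list(STATIC_SEQ)                 # what an on-path observer records
    static_replay = static_check(captured)      # recorded knock still opens the port
    verifier = RollingKnockVerifier(SECRET)
    t0 = 1_700_000_000                          # constructed timestamp
    seq = derive_seq(SECRET, t0 // WINDOW)
    first = verifier.check(seq, t0)             # legitimate knock
    same_window = verifier.check(seq, t0 + 1)   # replay in the same window
    later = verifier.check(seq, t0 + WINDOW)    # replay in the next window
    return static_replay, first, same_window, later


if __name__ == "__main__":
    print(demo())
```
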