pfSense basics
Objective
A simple cheat sheet, or quick notes, following a recent pfSense deployment.
Prerequisites
A working Ubuntu server or instance with SSH connectivity and internet access, that’s it.
User
Default credentials for a pfSense software installation:
| | username | password |
|---|---|---|
| GUI: | admin | pfsense |
| SSH: | root | pfsense |
Reset password
To revert the password to the default, you need access to the console (CLI). Once you have access, choose option #8 to open a shell, then run the following command: /etc/rc.initial.password.
Security Rules
Quick and Easy with EasyRule
EasyRule, available in both the GUI and the CLI, allows firewall rules to be added quickly.
To block a source: easyrule block wan <IP_SRC>
To pass a protocol from a source to a destination port: easyrule pass wan tcp <IP_SRC> <IP_DST> <PORT>
To pass a protocol from a source, with no port: easyrule pass wan icmp <IP_SRC> <IP_DST>
In my case, where we needed to access the GUI from the WAN, we can run easyrule pass wan tcp any any 443, or alternatively easyrule pass wan tcp any any 22. Both rules accept any source address; the <IP_SRC> form above limits them to a known address.
With SSH reachable, we can then use port forwarding, ssh -L 6543:<LAN_IP>:443 root@<WAN_IP>, and open https://localhost:6543 in a web browser.
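A pre-flight check for the rules above, added here as an example and not part of the original notes: it reads easyrule command lines and flags those that open the SSH or GUI port on the WAN to any source. The function names and the 203.0.113.10 address are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: lint easyrule command lines before running them on pfSense.
# Syntax taken from this page: easyrule pass <if> <proto> <src> <dst> [port]
# It only inspects command text; it does not query pf's loaded ruleset.

MGMT_PORTS="22 443"   # SSH and GUI ports used on this page

# is_weak "<command line>"
# Returns 0 when the line passes WAN traffic from any source to a management port.
is_weak() {
    set -f; set -- $1; set +f            # split on whitespace, no globbing
    [ "$#" -eq 7 ] || return 1           # only the form with a destination port
    [ "$1 $2" = "easyrule pass" ] || return 1
    [ "$3" = "wan" ] && [ "$5" = "any" ] || return 1
    for p in $MGMT_PORTS; do
        [ "$7" = "$p" ] && return 0
    done
    return 1
}

# audit_rules: read command lines on stdin, print the weak ones,
# and return how many were found (0 means nothing to fix).
audit_rules() {
    weak=0
    while IFS= read -r line; do
        if is_weak "$line"; then
            echo "WEAK (source any): $line"
            weak=$((weak + 1))
        fi
    done
    return "$weak"
}

# Constructed sample input: the two commands from this page plus scoped
# variants. 203.0.113.10 is a documentation address standing in for an
# admin workstation.
sample_rules() {
    cat <<'EOF'
easyrule pass wan tcp any any 443
easyrule pass wan tcp any any 22
easyrule pass wan tcp 203.0.113.10 any 22
easyrule pass wan icmp 203.0.113.10 any
EOF
}

sample_rules | audit_rules || true
```

Only the two "any any" lines are reported; the scoped SSH rule and the ICMP rule pass the check.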
Do not try - Disable pf
Another option is to disable pf completely with pfctl -d, which turns off packet filtering entirely.
The action seems to be temporary: pf should be enabled again whenever a firewall rule change is made through the GUI.
Documentation & Links
The official Netgate Documentation
What’s next
We’ll see.