Scribd Logo
Upload

Welcome to Scribd!

  • Pfsense - Bloc de Notas

    Uploaded by

    Pablo
    32 views2 pages
    This document provides instructions for configuring a firewall and proxy server on a Pfsense system. It includes steps to: 1. Create an internal certificate authority and certificate for HTTPS on the firewall. 2. Define aliases for blocking specific services like Facebook, torrents, and botnets. 3. Create firewall rules to block the Facebook alias on HTTP and HTTPS, and allow DNS, HTTP, and HTTPS for the local network. 4. Disable IPv6 on the WAN interface, install and configure the Squid proxy package to cache content and filter access based on allowed subnets and blacklisted domains.

    Original Description:

    Original Title

    pfsense_ Bloc de notas

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides instructions for configuring a firewall and proxy server on a Pfsense system. It includes steps to: 1. Create an internal certificate authority and certificate for HTTPS on the firewall. 2. Define aliases for blocking specific services like Facebook, torrents, and botnets. 3. Create firewall rules to block the Facebook alias on HTTP and HTTPS, and allow DNS, HTTP, and HTTPS for the local network. 4. Disable IPv6 on the WAN interface, install and configure the Squid proxy package to cache content and filter access based on allowed subnets and blacklisted domains.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    32 views2 pages

    Pfsense - Bloc de Notas

    Uploaded by

    Pablo
    This document provides instructions for configuring a firewall and proxy server on a Pfsense system. It includes steps to: 1. Create an internal certificate authority and certificate for HTTPS on the firewall. 2. Define aliases for blocking specific services like Facebook, torrents, and botnets. 3. Create firewall rules to block the Facebook alias on HTTP and HTTPS, and allow DNS, HTTP, and HTTPS for the local network. 4. Disable IPv6 on the WAN interface, install and configure the Squid proxy package to cache content and filter access based on allowed subnets and blacklisted domains.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    CREAR CERTIFICADO PARA EL NAVEGADOR

    System/Certificate Manager/CA
    name: CA-INTERNA
    methid: Create an internal ca
    Country: CO
    State:Valle del Cauca
    City: Cali
    Organitation: Ca interna - test
    email: correo
    conmon name: internal-ca

    System/Certificate Manager/CERTIFICADO
    borramos el anterior
    method: Create an internal certificate
    namne: Cerfificado de firewall pfsense
    ca: CA-INTERNA
    type: server certyficate
    Conmon name:pfsense.localdomain
    Alternative name:pfsense.localdomain
    ADD
    ip: 192.168.16.254
    save
    system / advanced/https
    ssl certificate: el que creamos

    CREAR ALIAS PARA REGLAS FIREWALL


    BLOQUEAR FACEBOOK
    Alias
    Name: Facebook
    Desc: Servcio de redes sociales
    Type: hosts
    IP or FDQN: www.facebook.com

    Alias Bloquear puertos torrent


    Name: Torrent
    Desc: Puertos de torrent
    Type: Ports
    Port: 4030 4035 6012

    Alias bloquear botnet


    Name: botnet_rusia
    Desc: Redes Maliciosas
    Type: Networks
    Network or FQDN: 200.20.30.0

    Rules/Lan
    Actio:Block
    Source:LAN net
    Destino: Single host or alias: facebook
    port: Http(80)
    LOg: on
    Desc: Bloquear Facebook
    **Lo mismo para https

    Se borran las reglas que permiten todo y se crean reglas para


    dns, http y https
    Rules/Lan
    Actio:pass
    Source:LAN net
    Destino: any
    port: DNS(53)
    LOg: off
    Desc: Permitir DNS
    **Lo mismo para http/https

    Deshabilitar ipv6 en wan


    instalar squid: Package manager: buscar: squid
    ejecutar en diagnosticos:command pront: squid -f
    /usr/local/etc/squid/squid.conf -k parse
    En services: Squid Prozy Serve, ir a Local Cache:
    Hard disk cache:1000
    Level directorys: 16
    Memory cache: 256
    En General:
    Enable squid proxy
    Resolve DNS ipv4 first
    Visible hostname:Proxy-tes
    emal: elricondeltest@hotmail.com
    Error languaje: es
    Supress squid version: ok
    En ACLS
    Allowed subnets: 192.168.16.0/24
    Black list: se colocan los dominios a negar: cali.gov.co

    You might also like