This repository has been archived by the owner on Oct 4, 2024. It is now read-only.
Etapa-013-Firewall-Rules-WAN.txt
Author: Robson Vaamonde
Procedimentos em TI: http://procedimentosemti.com.br
Bora para Prática: http://boraparapratica.com.br
Robson Vaamonde: http://vaamonde.com.br
Facebook Procedimentos em TI: https://www.facebook.com/ProcedimentosEmTi
Facebook Bora para Prática: https://www.facebook.com/BoraParaPratica
Instagram Procedimentos em TI: https://www.instagram.com/procedimentoem
YouTube Bora Para Prática: https://www.youtube.com/boraparapratica
LinkedIn Robson Vaamonde: https://www.linkedin.com/in/robson-vaamonde-0b029028/
Creation date: 25/08/2021
Last updated: 03/10/2021
Version: 0.04
Tested and validated on the Netgate pfSense NG UTM firewall, versions 2.4.x and 2.5.x
pfSense version update 2.5.2: https://docs.netgate.com/pfsense/en/latest/releases/2-5-2.html
Previous pfSense version 2.5.1: https://docs.netgate.com/pfsense/en/latest/releases/21-02-2_2-5-1.html
Base pfSense version 2.5.0: https://docs.netgate.com/pfsense/en/latest/releases/2-5-0.html
Introduction to firewall rules: https://docs.netgate.com/pfsense/en/latest/firewall/index.html
Configuring firewall rules: https://docs.netgate.com/pfsense/en/latest/firewall/configure.html
Allowing remote access to the GUI: https://docs.netgate.com/pfsense/en/latest/recipes/remote-firewall-administration.html
Preventing RFC1918 traffic from leaving a WAN interface: https://docs.netgate.com/pfsense/en/latest/recipes/rfc1918-egress.html
Connecting to the pfSense console: https://docs.netgate.com/pfsense/en/latest/hardware/connect-to-console.html
Connecting to pfSense via SSH: https://docs.netgate.com/pfsense/en/latest/recipes/ssh-access.html#enable-ssh-via-gui
Granting users SSH access: https://docs.netgate.com/pfsense/en/latest/recipes/ssh-access.html#ssh-keys
Configuring HTTPS support on pfSense: https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
Changing the pfSense HTTPS port
System
Advanced
webConfigurator
Protocol: HTTPS
Port: 10443
Changing the pfSense SSH (Secure Shell) service port
System
Advanced
Secure Shell
SSH port: 10222
Save
Configuring a rule to allow the ICMP protocol on the pfSense WAN interface
Firewall
Rules
WAN
ADD
Edit Firewall Rule
Action: Pass
Disabled: OFF
Interface: WAN
Address Family: IPv4
Protocol: ICMP
ICMP Subtypes:
Echo Reply
Echo Request
Source
Source: any
Destination
Destination: WAN Address
Extra Options
Log: ON
Description: Liberação do Protocolo ICMP na Interface WAN
Save
Apply Changes
Configuring a rule to allow remote access to the pfSense WebGui over HTTPS
Firewall
Rules
WAN
ADD
Edit Firewall Rule
Action: Pass
Disabled: OFF
Interface: WAN
Address Family: IPv4
Protocol: TCP
Source
Source: any
Advanced: Default
Destination
Destination: WAN Address
Destination Port Range: From: 10443 To: 10443
Extra Options
Log: ON
Description: Liberação do acesso remoto ao WebGui do pfSense
Save
Apply Changes
Configuring a rule to allow remote access to the pfSense console over SSH
Firewall
Rules
WAN
ADD
Edit Firewall Rule
Action: Pass
Disabled: OFF
Interface: WAN
Address Family: IPv4
Protocol: TCP
Source
Source: any
Advanced: Default
Destination
Destination: WAN Address
Destination Port Range: From: 10222 To: 10222
Extra Options
Log: ON
Description: Liberação do acesso remoto ao Console do pfSense
Save
Apply Changes
+ Separator
Liberação do acesso remoto do WebGui e Console do pfSense
Save
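An added example, not part of the original file: a Python check that flags enabled WAN pass rules with Source: any that reach the management ports configured above (10443 and 10222). The XML layout is an assumption modeled on a pfSense config.xml export, and the sample rules and the address 203.0.113.10 are constructed.

```python
import xml.etree.ElementTree as ET

# Management ports chosen in this guide (webConfigurator and SSH).
MGMT_PORTS = {10443: "webConfigurator (HTTPS)", 10222: "SSH"}

# Constructed sample; element names follow the <filter><rule> layout of a
# pfSense config.xml (assumption). Rules: ICMP, the two any-source management
# rules from this guide, one source-restricted rule, one disabled rule.
SAMPLE_CONFIG = """
<pfsense><filter>
  <rule><type>pass</type><interface>wan</interface><protocol>icmp</protocol>
    <source><any/></source><destination><network>wanip</network></destination></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><any/></source>
    <destination><network>wanip</network><port>10443</port></destination></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><any/></source>
    <destination><network>wanip</network><port>10222</port></destination></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><address>203.0.113.10</address></source>
    <destination><network>wanip</network><port>10222</port></destination></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol><disabled/>
    <source><any/></source>
    <destination><network>wanip</network><port>10443</port></destination></rule>
</filter></pfsense>
"""

def covers(spec, port):
    """True if a port spec ('N', 'N-M', or None meaning any port) includes port."""
    if spec is None:
        return True
    low, _, high = spec.partition("-")
    high = high or low
    if not (low.isdigit() and high.isdigit()):
        return False  # port aliases are not resolved in this example
    return int(low) <= port <= int(high)

def exposed_management_rules(config_xml):
    """Return (port, service) pairs for enabled WAN pass rules open to any source."""
    findings = []
    for rule in ET.fromstring(config_xml.strip()).iterfind("./filter/rule"):
        if rule.findtext("type") != "pass" or rule.find("disabled") is not None:
            continue
        if rule.findtext("interface") != "wan" or rule.find("source/any") is None:
            continue
        if rule.findtext("protocol") not in (None, "tcp", "tcp/udp"):
            continue  # ICMP-only or UDP-only rules cannot reach the TCP services
        spec = rule.findtext("destination/port")
        findings += [(p, s) for p, s in MGMT_PORTS.items() if covers(spec, p)]
    return findings
```

On the sample it reports the any-source rules for 10443 and 10222 and skips the ICMP rule, the rule limited to one source address, and the disabled rule.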
Generating the SSH public key used to authenticate the user vaamonde on pfSense
Terminal
ssh-keygen
Enter file in which to save the key (/home/vaamonde/.ssh/id_rsa): /home/vaamonde/.ssh/id_rsa_pfsense <Enter>
Enter passphrase (empty for no passphrase): <Enter>
Enter same passphrase again: <Enter>
cd /home/vaamonde/.ssh/
ls -lh
cat id_rsa_pfsense.pub
Creating the remote access user on pfSense
System
User Manager
Users
+ADD
User Properties
Defined USER
Disable: OFF
Username: robson
Password: pti@2018
Confirm Password: pti@2018
Full name: Robson Vaamonde
Expiration date: OFF
Custom Settings: OFF
Group membership: Member of: boraparapratica
Certificate: OFF
Keys
Authorized SSH Keys: (copy and paste the SSH RSA key)
IPsec Pre-Shared Key: Default
Save
Testing remote access to pfSense
Browser: https://Endereço_IPv4_WAN:10443
SSH: ssh -p 10222 usuário@Endereço_IPv4_WAN