Configuring pfSense Firewall for Home Network

Jul 10, 2024

Configuring pfSense Firewall for Home Network

Introduction

  • Tom from Lawrence Systems walks through the firewall rules he uses for a home network running pfSense.
  • Focus on his own home setup: Plex and Emby media servers, TrueNAS, Synology, and IP cameras.
  • Overall goal: a network that is both secure and convenient to use.

Home Network Components

  • Plex and Emby Server: For home media streaming.
  • TrueNAS and Synology: NAS devices for media storage and backups.
  • Cameras: Surveillance; the rules shown apply equally to UniFi cameras.
  • Others: Chromecast, gaming systems, smart TVs, IoT devices, etc.

Network Segmentation

  • NSFW LAN (consumer and IoT devices): phones, gaming systems, Chromecast, smart TVs, guest devices, etc.
    • Placed on its own network, separate from the admin network, so an untrusted or compromised device cannot reach management interfaces.
    • Keeping the streaming devices and the phones that control them on one subnet avoids discovery problems: Chromecast and similar devices are found via mDNS/SSDP broadcasts, which do not cross subnets.
  • Admin Network (LTS Tom Network): Contains management interfaces and admin devices.
    • Admin interfaces for TrueNAS, Synology, UniFi controllers, etc.
  • Camera Network (Cam LAN): Dedicated to cameras, with minimal internet access.
    • Cameras can talk to Synology but cannot access the internet to mitigate security risks.

Specific Firewall Rules

  • General Firewall Rules:

    • No services exposed directly to the internet; remote access goes through a VPN (WireGuard or OpenVPN).
    • No inbound NAT (port-forward) rules; every open port removed is one less thing to attack.
  • NSFW LAN Rules:

    • Block access to the firewall's own service ports (web GUI, SSH); pfSense's built-in "This Firewall" alias covers every address the firewall holds.
    • Block access to the admin network and the camera network from the NSFW LAN.
    • Policy-route selected hosts out through a privacy VPN by setting that VPN's gateway on their pass rule.
    • Otherwise allow outbound internet access for the streaming devices, phones, and guest devices.
  • Camera Network Rules:

    • Block access to the firewall's service ports, but allow DHCP, DNS, and NTP so cameras can get an address, resolve names, and keep correct time. pfSense evaluates interface rules top-down and the first match wins, so these allow rules must sit above the block.
    • Allow traffic to the Synology for recording storage; no rule grants internet access, and anything not explicitly passed hits the default deny.
    • Isolate from all other networks so a compromised camera cannot move laterally.
  • Admin Network (LTS Tom Network) Rules:

    • Allow all traffic out of this network; the management interfaces of the NAS units and controllers are reachable only from here.
    • Synology and TrueNAS are given an interface on the admin network for management; their interfaces on other networks (for example the camera-facing one) should not expose management.
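The NSFW LAN and camera network rule sets above are easy to get wrong by ordering alone, since pfSense applies interface rules top-down and stops at the first match. The following is an added example (not code from the video or from Lawrence Systems) that models that first-match evaluation over the two rule sets and runs an expected-flow audit against them. Every address, alias name (NSFW_LAN, CAM_LAN, LTS_TOM, SYNOLOGY_CAM, PRIVACY_HOSTS) and the WG_PRIVACY gateway name are constructed sample data chosen for illustration; only "This Firewall" is a real pfSense built-in alias.

```python
"""First-match evaluation of the camera and NSFW LAN rule sets.

Added illustration; not from the page or Lawrence Systems. All subnets,
hosts and alias names below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# Constructed addressing (assumed, not from the video).
ALIASES = {
    "NSFW_LAN":      ["192.168.20.0/24"],
    "CAM_LAN":       ["192.168.30.0/24"],
    "LTS_TOM":       ["192.168.10.0/24"],
    # pfSense's built-in alias: every address the firewall itself holds.
    "This Firewall": ["192.168.10.1", "192.168.20.1", "192.168.30.1"],
    "SYNOLOGY_CAM":  ["192.168.30.50"],   # assumed camera-facing Synology address
    "PRIVACY_HOSTS": ["192.168.20.40"],   # assumed hosts that should exit via the privacy VPN
}


def addr_matches(alias: str, ip: str) -> bool:
    """True if ip falls inside any network/host listed under alias ('any' always matches)."""
    if alias == "any":
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in ALIASES[alias])


@dataclass
class Rule:
    action: str                       # "pass" or "block"
    proto: str                        # "any", "tcp" or "udp"
    src: str                          # alias name or "any"
    dst: str                          # alias name or "any"
    dports: Optional[FrozenSet[int]] = None   # None = any destination port
    gateway: str = "default"          # policy-routing gateway, e.g. a VPN gateway
    desc: str = ""

    def matches(self, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
        return ((self.proto == "any" or self.proto == proto)
                and addr_matches(self.src, src)
                and addr_matches(self.dst, dst)
                and (self.dports is None or dport in self.dports))


# Order matters: the allow rules for firewall services sit above the block,
# and the isolation blocks sit above the general outbound pass.
RULES = {
    "CAM_LAN": [
        Rule("pass",  "udp", "CAM_LAN", "This Firewall", frozenset({53, 67, 123}), desc="DHCP, DNS, NTP to firewall"),
        Rule("block", "any", "CAM_LAN", "This Firewall", desc="no other firewall services"),
        Rule("pass",  "any", "CAM_LAN", "SYNOLOGY_CAM", desc="camera recordings to Synology"),
        Rule("block", "any", "CAM_LAN", "any", desc="no internet, no lateral movement"),
    ],
    "NSFW_LAN": [
        Rule("block", "any", "NSFW_LAN", "This Firewall", frozenset({22, 80, 443}), desc="no SSH / web GUI on the firewall"),
        Rule("block", "any", "NSFW_LAN", "LTS_TOM", desc="no admin network"),
        Rule("block", "any", "NSFW_LAN", "CAM_LAN", desc="no camera network"),
        Rule("pass",  "any", "PRIVACY_HOSTS", "any", gateway="WG_PRIVACY", desc="selected hosts exit via privacy VPN"),
        Rule("pass",  "any", "NSFW_LAN", "any", desc="general outbound for streaming/guest devices"),
    ],
}


def evaluate(iface: str, proto: str, src: str, dst: str,
             dport: Optional[int] = None, rules=RULES) -> Tuple[str, str, str]:
    """Return (action, gateway, desc) of the first matching rule on iface.

    With no match, pfSense's implicit default deny applies.
    """
    for rule in rules[iface]:
        if rule.matches(proto, src, dst, dport):
            return (rule.action, rule.gateway, rule.desc)
    return ("block", "default", "implicit default deny")


# Constructed expected flows: (interface, proto, src, dst, dport, verdict we require).
EXPECTED = [
    ("CAM_LAN",  "udp", "192.168.30.20", "192.168.30.1",  53,   "pass"),   # camera DNS to firewall
    ("CAM_LAN",  "tcp", "192.168.30.20", "192.168.30.1",  443,  "block"),  # camera to web GUI
    ("CAM_LAN",  "tcp", "192.168.30.20", "192.168.30.50", 5000, "pass"),   # camera to Synology
    ("CAM_LAN",  "tcp", "192.168.30.20", "8.8.8.8",       443,  "block"),  # camera to internet
    ("CAM_LAN",  "tcp", "192.168.30.20", "192.168.10.10", 22,   "block"),  # camera to admin host
    ("NSFW_LAN", "tcp", "192.168.20.30", "192.168.20.1",  443,  "block"),  # TV to web GUI
    ("NSFW_LAN", "udp", "192.168.20.30", "192.168.20.1",  53,   "pass"),   # TV DNS to firewall
    ("NSFW_LAN", "tcp", "192.168.20.30", "192.168.10.10", 5001, "block"),  # TV to NAS admin UI
    ("NSFW_LAN", "tcp", "192.168.20.30", "203.0.113.10",  443,  "pass"),   # TV streaming out
]


def audit(rules=RULES):
    """Return the expected flows whose verdict differs from what the rules produce."""
    failures = []
    for iface, proto, src, dst, dport, want in EXPECTED:
        got = evaluate(iface, proto, src, dst, dport, rules)[0]
        if got != want:
            failures.append((iface, proto, src, dst, dport, want, got))
    return failures


def misordered():
    """NSFW LAN rules with the general 'pass any' moved to the top: the isolation
    blocks beneath it never fire, which audit() reports."""
    bad = dict(RULES)
    bad["NSFW_LAN"] = [RULES["NSFW_LAN"][-1]] + RULES["NSFW_LAN"][:-1]
    return bad


if __name__ == "__main__":
    print("correct order, failures:", audit())
    print("pass-any first, failures:", audit(misordered()))
```

DHCP is included in the camera allow rule for completeness; on a real pfSense box, enabling the DHCP server on an interface adds hidden automatic rules for it, so only DNS and NTP need explicit pass rules. The `audit()` table is the check worth keeping: re-run it whenever a rule is added or moved, because a single misplaced "pass any" silently disables every block below it.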

VPN Configuration

  • Use a VPN (WireGuard or OpenVPN terminated on pfSense) for remote access instead of opening ports.
  • The VPN is the only externally reachable service, so management of the network never requires exposing the NAS or camera interfaces to the internet.

Optional Tools

  • pfBlockerNG: Blocks unwanted inbound and outbound traffic using IP block lists (e.g. GeoIP) and DNS block lists (ad and malware domains).
  • Suricata: IDS/IPS for network security monitoring; likely overkill for a simple home setup but useful for learning.

Conclusion

  • Apply the least-privilege principle: each network gets only the connections it needs, and everything else is blocked.
  • The example rule sets above give a template for keeping a home network secure without making it hard to use.
  • Resources for further learning and community support available on forums and channel.

Additional Resources

  • Link to other videos on setting up VLANs, subnets, pfBlockerNG, Suricata, and more.
  • Forums for advanced discussions and community support.

Support and Contact

  • Follow on YouTube for more content, tutorials, and updates.
  • Support via affiliate links, Patreon, and merchandise store.
  • Visit forums for detailed discussions and help.