Written on April 2, 2016
pfSense is a FreeBSD-based firewall/security-focused distribution. It can act as a firewall, router, DHCP server, DNS server. It also has a package manager with some security related packages. I’ve been playing around with it for the past couple of weeks.
I currently have it set up in a VM with access to my ethernet interface. My host OS then gets its IP address from the guest VM (so basically all my host traffic has to go through the pfSense VM).
I have installed the Snort, Squid, and Squidguard packages. Snort is intrusion detection software that has been around a while. I would like to have more experience with it, but haven’t had the time (currently getting a lot of false (hopefully) positives).

I set up Squid and Squidguard today. Squid is a proxy that can cache websites for you (this would only really be helpful if I was downloading the same files/webpages repeatedly), and it can also scan files that you try to download for viruses (it uses ClamAV and can regularly update the virus definition file). I tested it out with the EICAR test files and it blocked them all. Squidguard basically looks at the domains and IPs that you try to connect to, and if they are in your blacklists, you can’t go to them. You can find huge sets of blacklists to download and configure them accordingly so that you can automatically block domains/IPs associated with ads, spyware, hacking, news, politics, etc.
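To make the blacklist behaviour concrete, here is an added example (my own code, not the post's and not squidGuard's) that mimics how squidGuard-style category lists are applied: an entry in a category's `domains` list blocks that domain and every subdomain, and an entry in its `urls` list blocks a host plus path prefix. The category names and list contents are constructed sample data.

```python
"""Added example (not from the post or squidGuard): minimal matcher that
applies squidGuard-style blacklist categories to a requested URL."""
from urllib.parse import urlsplit

# Constructed sample blacklist. squidGuard keeps one directory per category
# holding 'domains' and 'urls' files; this dict stands in for those files.
BLACKLIST = {
    "ads": {"domains": ["adserver.example", "tracking.example"], "urls": []},
    "malware": {"domains": ["evil.example"], "urls": ["cdn.example/payload/"]},
}


def _domain_blocked(host, entry):
    # A domains entry matches the exact host or any subdomain of it,
    # so "notadserver.example" must NOT match "adserver.example".
    return host == entry or host.endswith("." + entry)


def _url_blocked(host, path, entry):
    # A urls entry is host plus a path prefix, written without a scheme.
    ehost, _, epath = entry.partition("/")
    return host == ehost and path.startswith("/" + epath)


def lookup(url):
    """Return the first blacklist category matching url, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    path = parts.path or "/"
    for category, lists in BLACKLIST.items():
        if any(_domain_blocked(host, d) for d in lists["domains"]):
            return category
        if any(_url_blocked(host, path, u) for u in lists["urls"]):
            return category
    return None


def decide(url):
    """Mirror of a 'pass !ads !malware all' ACL: block listed, pass the rest."""
    return "block" if lookup(url) else "pass"


if __name__ == "__main__":
    for u in ("http://www.adserver.example/banner.gif",
              "https://cdn.example/payload/x.exe",
              "https://www.python.org/"):
        print(u, "->", decide(u), lookup(u))
```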