Differences

This shows you the differences between two versions of the page.

other:networking:opnsense:quickreferences [2020/10/05 20:13] – created rodolico
other:networking:opnsense:quickreferences [2021/03/23 00:34] (current) rodolico
Line 1: Line 1:
 ====== opnSense Quick Reference ====== ====== opnSense Quick Reference ======
 +
 +===== Initial Setup =====
 +  * Do all firmware updates
 +  * System | Settings | Administration
 +    * Set console for serial, if you want
 +    * Enable SSH (Secure Shell)
 +    * Choose whether to allow root to log in, and whether to allow password auth
 +    * Set Serial Console if desired
 +    * Set Authentication Server to Local Database
 +    * Set parameter for sudo
 +  * System | Settings | Misch
 +    * Set hardware acceleration if your hardware supports it
 +    * Add swap file if memory low and you can spare 2G of disk
 +    * If you have plenty of memory, set /tmp as RAM disk: Generally uses less than a meg.
 +    * If you have plenty of memory and don't care if your logs survive a reboot, set /var to RAM disk.
  
 ===== Using extra ports on router for switch ===== ===== Using extra ports on router for switch =====
 https://www.thewichitacomputerguy.com/blog/how-setup-pfsense-opnsense-4-port-nic-switch-bridge https://www.thewichitacomputerguy.com/blog/how-setup-pfsense-opnsense-4-port-nic-switch-bridge
 +
 +===== GeoIP blocking =====
 +  - Create account at [[https://www.maxmind.com/en/geolite2/signup]]
 +    - Give valid e-mail address (used to send you the link)
 +    - My License Key | Generate Key
 +    - Do NOT use geoipupdate
 +    - Save key ID someplace safe
 +  - Create link
 +    - https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&license_key=My_License_key&suffix=zip (replace My_License_key with yours)
 +    - Test by pasting link into browser. It will download a zip file
 +  - Create alias in opnSense
 +    - Firewall | Aliases | GeoIP
 +      - Enter URL
 +      - Click Apply
 +    - Firewall Aliases | New (Plus Sign)
 +      - Name - Something you can remember, alpha-numeric and underscored only
 +      - Type - GeoIP
 +      - Select regions/countries to be included
 +        - NOTE: If you are wanting to **exclude everything but** some countries, ie block all but, you can simply list the countries you want to have access, then use the **NOT** value in the rules
 +      - Enter an optional description
 +      - Click Apply
 +    - Firewall | Rules | WAN
 +      - Action - Block
 +      - Quick - Apply acction immediately on match (check box)
 +      - Interface - WAN
 +      - Direction - in
 +      - Source/Invert - Put a check if you need to invert the GeoIP selection
 +      - Source - name of alias you created for GeoIP
 +      - Everything else is any/any, ie don't allow to anyplace
 +      - Log - put a check in Log Packets if you want them kept in your logs
 +      - Category - Attacks
 +      - Description - Block access from other countries (or whatever you want
 +
 +**Note**: On the rules, order is important. Any Pass rule that exists prior to this rule will negate it. For example, if you have your VPN rules before this, VPN will work from other countries. Put this as high in the list as possible.
 +
 +===== Links =====
 +  * https://docs.opnsense.org/manual/how-tos/maxmind_geo_ip.html
 +  * https://docs.opnsense.org/manual/aliases.html
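
Review bot: In the Initial Setup list, the SSH bullet "Choose whether to allow root to log in, and whether to allow password auth" leaves both choices open on a device that sits at the network edge; suggest the reference state a default, for example root login off and password auth off, with key-based login through a user covered by the sudo setting, and say what value "Set parameter for sudo" is meant to take. In the GeoIP section, the download link carries the license key as a query parameter, so "Test by pasting link into browser" leaves the key in browser history; a line on clearing it, or on regenerating the key if the machine is shared, would help. The allow-list NOTE and the "Source/Invert" bullet describe one decision in two places: a reader who lists the permitted countries and misses the invert box ends up with a Block rule that matches exactly those countries, so put the two variants (block-list alias without invert, allow-list alias with invert) side by side. Small fixes: "Misch", "acction", the unclosed parenthesis in the Description bullet, the missing "|" in "Firewall Aliases | New", and the serial console bullet that appears twice under Administration.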
other/networking/opnsense/quickreferences.1601946788.txt.gz · Last modified: 2020/10/05 20:13 by rodolico