0xBEN’s Firewall Configuration Guide

This section is based on 0xBEN’s pfSense Firewall Configuration Guide.

I have added additional notes which might be relevant for VMware, as well as repeated some things for my own reference.

Log Into The Web Portal

This section basically follows 0xBEN’s guide, and does not differ for a VMware-based network.

In this module, we will log into the pfSense web portal and configure firewall rules using our Kali VM.

Fire up your browser and go to:

https://10.0.0.1

Accept the risk and continue past the browser warning.

The default credentials are:

- Username: admin
- Password: pfsense

Click Next (again). Fill out the Hostname and Domain. Uncheck Override DNS. Click Next.

Example:
hostname: pfSense
domain: cyber.range

Double check your timezone and click Next.

Scroll down and uncheck the box that blocks RFC1918 private networks. We’re double-NATed, which means that the WAN network is also a private network, so we want to allow this. Click Next.

Leave this alone. Click Next.

Change the admin password. Save it in a password vault. Click Next.

Click Reload and wait for the web configurator to refresh. Click Finish.

Hopefully you’ll see the Dashboard.

Set up the Firewall Rules - Follow 0xBEN’s Guide

Some things to check:

  • Log into your Kali VM, and check that you have a static IP of 10.0.0.2

  • Make sure your firewall rules are in the proper order and your final settings match the desired end state

    • My initial settings for the ISOLATED subnet were in the wrong order, resulting in Kali being able to ping a VM in ISOLATED, but not vice versa

    • My original settings - note the order of the rules (screenshot: Wrong Order)

    • Desired end state (screenshot: Desired End State)
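Why the order matters, as an added example (not from 0xBEN’s guide or from this page’s author): pfSense reads the rules on an interface tab from top to bottom and the first match wins, with anything unmatched blocked by default. The two rules, the ISOLATED subnet 10.6.6.0/24 and the VM address below are constructed for illustration; only Kali’s 10.0.0.2 comes from this page.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

KALI = "10.0.0.2/32"          # Kali's static IP, from this guide
ISOLATED_NET = "10.6.6.0/24"  # assumption: subnet of the ISOLATED interface
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "block"
    src: tuple    # source networks, CIDR strings
    dst: tuple    # destination networks, CIDR strings
    note: str


def _matches(addr, nets):
    return any(ip_address(addr) in ip_network(n) for n in nets)


def _covers(outer, inner):
    """True if every network in `inner` sits inside some network in `outer`."""
    return all(any(ip_network(i).subnet_of(ip_network(o)) for o in outer)
               for i in inner)


def evaluate(rules, src, dst):
    """First match wins, top to bottom; no match means default deny."""
    for rule in rules:
        if _matches(src, rule.src) and _matches(dst, rule.dst):
            return rule.action, rule.note
    return "block", "implicit default deny"


def shadowed(rules):
    """Notes of rules fully covered by an earlier rule, so they never match."""
    return [r.note for i, r in enumerate(rules)
            if any(_covers(e.src, r.src) and _covers(e.dst, r.dst)
                   for e in rules[:i])]


# Constructed rules for the ISOLATED interface (not the guide's exact rule set).
ALLOW_KALI = Rule("pass", (ISOLATED_NET,), (KALI,), "ISOLATED to Kali")
BLOCK_PRIVATE = Rule("block", (ISOLATED_NET,), RFC1918, "ISOLATED to RFC1918")
WRONG_ORDER = [BLOCK_PRIVATE, ALLOW_KALI]  # broad block sits above the allow
RIGHT_ORDER = [ALLOW_KALI, BLOCK_PRIVATE]  # specific allow first

if __name__ == "__main__":
    vm = "10.6.6.10"  # constructed address of a VM in ISOLATED
    for name, rules in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(name, evaluate(rules, vm, "10.0.0.2"), "shadowed:", shadowed(rules))
```

pfSense filters traffic on the interface where it enters and keeps state, so a ping started from Kali is checked against the LAN rules and its replies return through the state table; only connections started from ISOLATED hit the rules modeled here.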

I was pleasantly surprised at how user-friendly it was to configure the firewall rules in pfSense. It has come a long way from manually setting iptables, etc.

Let’s add some Vulnerable VMs!
