I’m running pfSsince 2.7.2 and I’m looking to make sure it’s as secure as possible other than the base install. What can I do to improve it security what settings are recommended besides PF blocker and snort recommendations are suggested to improve security.
If you are running multiple VLAN’s it’s important to restrict traffic between them.
Don’t go beyond the base install.
Let your router do one thing, route and block (ok two things). Use VMs or containers for all other services. Or a separate box if you need a gui.
Also, hide your pfsense gui on loop back and use ssh keys.
ditto on this suggestion. figure out what each vlan purpose is and make certain your only allowing host to host to port between them that needs to be and block everything else. guess vlan make sure they have no access to anything but internet. as for other security, depends what your trying to accomplish. oh yeah, make sure your management portal and SSH is only available from a specified vlan or hosts. Definitely not the Internet. Someone mentioned SSH keys. if you dont need SSH, disable it all together, but if you need it, use keys, just some basic thoughts without knowing what your looking for