Wouldn’t it be nice to be in control of every packet coming into and going out of your private home network?
At the moment, if you have a basic home router (possibly provided by your ISP) and a myriad of devices connected inside your internal network, you probably have no firewall other than the basic ones that come with PC and Mac (if they’re activated, and even then they only protect your computer, nothing else). What this means is you are 100% at the mercy of your ISP to protect you from the outside, which isn’t saying much. To have full control and at least full awareness of what is coming in AND out of your internal home network, you should deploy an internal firewall solution that YOU can control and peer through.
This guide will help you get set up with a more robust and powerful firewall protecting your internal network from that dirty dirty internet. More advanced configurations will come in later posts. But if you can follow this and get prepared, there’s no telling what you’ll be able to identify and investigate coming in and out of your network, and this applies to every device on the inside that reaches back out to the world.
First, let’s talk about the software. pfSense is an open source firewall that is extremely powerful, constantly updated and well maintained by the developers. You can learn much more about pfSense here. The TL;DR version: it is extremely customizable, has advanced features such as VPN support, and also contains everything you need at a bare minimum to harden a network from the outside. In general, it gets the job done. The manual is huge, and you can find a plethora of other manuals for pfSense written by industry experts as well. For me personally, the official manual is usually very thorough.
I learned about the Protectli line of hardware firewalls from my good friend Mike Bazzell (not really, I have never met him) while reading one of his famous OSINT books. Basically, this guy is the industry go-to when it comes to disappearing from the internet, staying anonymous and finding almost anyone via OSINT techniques. So, when Mr. Bazzell recommended Protectli, I thought it was a no-brainer. Mind you, the devices can be a little pricey, but they do provide a nice range of hardware. I went with the 4-port Vault pictured here:
If you only need the basics for now, I would recommend the 2-port model. There are other hardware firewall devices you can sink your teeth into, but since I went with Mr. Bazzell’s recommendation, that’s what this post will stick with. Also, pfSense is open source, so I’m sure it is compatible with other hardware firewalls out there. In any case, the same principles described in the video below should still apply in theory with other devices. After all, pfSense is the software and, as stated previously, open source. So go download the latest version, get it ready on a USB stick and let’s get to work!