Re: [Skunkworks] pfSense firewall

On Wed, May 4, 2016 at 6:01 PM, Kennedy Aseda <samskid5@gmail.com> wrote:
Dear Alvin/Job,
Sorry, I have gotten back to you late.
I did a lab setup of pfSense 2.3 released in April and noted that the Mailwatch/Mailscanner packages were removed when pfSense changed from FastCGI to PHP-FPM. There are many other features that have been deprecated since.
It is possible, though not recommended, to install custom packages. If you have the courage, you can do a Mailwatch/Mailscanner install from source. FreeBSD packages aren't available in pfSense 2.3, making it a little harder to maintain custom packages.
It might consider standalone mailfilter installation.
Kennedy
On 8 Apr 2016 11:48, "Kennedy Aseda" <samskid5@gmail.com> wrote:
Alvin,
Have you set up pfSense and tried out the email scanning feature to ascertain it doesn't work?
http://pfsensesetup.com/mailscanner-installation-and-configuration/
I haven't personally done either pfSense or Cyberoam but I am confident mail scanning should be possible based on anecdotes of pfSense experts I have interacted with.
Kennedy
On 6 Apr 2016 11:40, "Alvin Jason Ochieng via skunkworks" <skunkworks@lists.my.co.ke> wrote:
Job,
Unfortunately it's not possible. Seen the difference btw the two manufacturers.
Regards,
On Wed, Apr 6, 2016 at 11:12 AM, Job Muriuki via skunkworks <skunkworks@lists.my.co.ke> wrote:
On the same topic of pfSense, is there a way to set it up to work like Cyberoam to filter out spam and viruses with virus definitions updated on the fly?
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- ALVIN OCHOLA 0722-313923 www.greenline.co.ke

On Thu, May 5, 2016 at 6:54 AM, Alvin Jason Ochieng <ajochola@gmail.com> wrote:
Cheers Kennedy!
Great insight ....
-- ALVIN OCHOLA 0722-313923 www.greenline.co.ke

On 5 May 2016 08:07, "Job Muriuki" <muriukin@gmail.com> wrote:
Kennedy,
Did you try out *SNORT* while you were at it?
Regards,
Job Muriuki,
Skype: heviejob

On May 5, 2016 9:47 AM, "Kennedy Aseda" <samskid5@gmail.com> wrote:
Job,
Yes, I tested snort and it works pretty well though there are some http_inspect rules that trigger false positive events. You may need to add some of these rules to the suppress list. Also, it might be better to enable specific snort rules that you need and build the ruleset as time goes by (there are autoconfigured rulesets based on your security posture that you can enable though).
Other features that I tested and worked well included:
- Squid web proxy
- IPv4 1:1 NAT, NAT Reflection, Outbound NAT, Port forwarding, DHCP Server
- IPv6 Routing, SLAAC, DHCPv6
- OpenVPN (password, password+certificate, push routes, client assistant, etc)
- Snort (ET rules, Snort VRT rules, Snort Community rules, Snort OpenAppID detectors)
- NTP
Among others.
Regards,
Kennedy
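
An added example, not part of the thread: one way to turn the advice above (suppress the http_inspect rules that keep firing falsely) into suppress-list entries. It assumes alerts are in Snort's alert_fast text layout and that http_inspect events carry generator IDs 119 and 120; the function names, the `min_hits` threshold and the sample alerts are constructed for illustration.

```python
import re
from collections import defaultdict

# alert_fast: ts [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst (IPv4 only here)
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)"
)
HTTP_INSPECT_GIDS = {119, 120}  # http_inspect client / server events


def parse_fast_alert(line):
    """Return (gid, sid, msg, src_ip, dst_ip), or None for a non-alert line."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return int(m["gid"]), int(m["sid"]), m["msg"], m["src"], m["dst"]


def propose_suppressions(lines, min_hits=3):
    """Suppress entries for noisy http_inspect events; gid 1 rules are left alone.
    One source host gives a by_src-scoped entry, several hosts a global one."""
    hits = defaultdict(list)
    for line in lines:
        alert = parse_fast_alert(line)
        if alert and alert[0] in HTTP_INSPECT_GIDS:
            gid, sid, msg, src, _dst = alert
            hits[(gid, sid, msg)].append(src)
    entries = []
    for (gid, sid, msg), sources in sorted(hits.items()):
        if len(sources) < min_hits:
            continue  # too few events to call it noise
        rule = f"suppress gen_id {gid}, sig_id {sid}"
        if len(set(sources)) == 1:
            rule += f", track by_src, ip {sources[0]}"
        entries += [f"# {msg} ({len(sources)} hits)", rule]
    return entries


def _line(sig, msg, src, dst):
    """Build one constructed alert_fast line (sample data, not from the thread)."""
    return (f"05/05-09:12:01.100000  [**] [{sig}] {msg} [**] "
            f"[Classification: Unknown Traffic] [Priority: 3] {{TCP}} {src} -> {dst}")


SAMPLE = (
    [_line("119:31:1", "(http_inspect) UNKNOWN METHOD", "192.168.1.10:51234", "203.0.113.5:80")] * 3
    + [_line("120:3:1", "(http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE",
             f"203.0.113.{n}:80", "192.168.1.20:40000") for n in (5, 6, 7)]
    + [_line("119:19:1", "(http_inspect) LONG HEADER", "192.168.1.30:40001", "203.0.113.5:80")]
    + [_line("1:1000001:1", "LOCAL constructed test rule", "192.168.1.10:40002", "203.0.113.9:443")] * 3
)
if __name__ == "__main__":
    print("\n".join(propose_suppressions(SAMPLE)))
```

Scoping an entry to the one host that produces the noise keeps the rule active for every other host, which fits the suggestion to build the ruleset up gradually rather than switch events off globally.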

On 5 May 2016 10:01, "Job Muriuki" <muriukin@gmail.com> wrote:
One more question, were you running in a routed (without NAT) environment or bridge mode?

Job,
The setup I had was IPv6 routed, IPv4 NAT. Both IPv4 and IPv6 routed is even easier...you just add the routes under routing. I didn't try out bridged mode.
For snort, you just select the interface that snort should inspect. If your setup is bridged, then you select the bridge interface. This setup is independent of the NAT, Routed, IPv4, IPv6, etc.
Kennedy
participants (3): Alvin Jason Ochieng, Job Muriuki, Kennedy Aseda