Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Security How To

IP-Blocklist

IP Blocking is another tool for securing your network, by preventing a user from accidentally inviting in players whose only interest is wreaking havoc.

IP-Blocklist is another pfSense package that blocks specific IP addresses and ranges of IP addresses from accessing your network. Common IP Address lists include known compromised hosts, spammers, spyware, and egregious advertisers – you can find all sorts of lists on iBlocklist.com, a clearing house for list maintainers.

Once installed and enabled, you’ll need to provide a set of URLs that point to the lists you want to use (Figure 11). Each URL must point to a gzipped file.

To do this you need to de-reference the URLs from iBlocklist. The easiest way to do this is to first download the list, then use your browser’s download manager get the URL to enter.

IP blocklist

Figure 11: IP blocklist

Other Packages

Cerberus has several “lesser” packages installed (Figure 12). These provide mostly expanded monitoring capabilities and enabling identification of performance issues and possible intrusions such as traffic irregularities.

Other PFSense packages

Figure 12: Other pfSense packages

Security Tips

It has been recently reported that routers configured and administered via a Web GUI can be vulnerable to “Man in the Middle” attacks. There are some basic hygiene steps you can take to prevent this from happening to you. These steps apply to any networking product that has a web interface.

  • Change all the defaults to personalized values; change the default IP address from 192.168.1.1; change the default user from ‘admin’.
  • Use a separate browser to administer and monitor your router. If you use Firefox for web browsing, use Chrome to administer your router.
  • Use HTTPS instead of HTTP to access your router.
  • Use a unique strong password (need it be said?)
  • Unless you have a compelling reason to do so, do not allow for remote administration.
  • Review your system and traffic logs from time to time, looking for any unusual traffic.

Conclusion

After installing my first pfSense router, I was surprised to see my network constantly under siege; packet after packet, scan after scan poking and prodding my home network. This converted me to a true believer in IDS as I became enamored with pfSense and its impressive capabilities. So this begs the question, why doesn’t everyone run one of these puppies?

It strikes me that that $400 dollars is not a lot of money to spend on an intrusion detection appliance that allows the user to be confident that the machines they rely on, on their home network, haven’t become zombified members of a global botnet.

If you look at commercial IDS appliances, you’ll see the price for this DIY solution is in the ballpark. But it comes without subscription prices, generally offers better performance and, as an open platform, is wholly extensible.

The next logical step for Cerberus is to add an LCD display to the front, for bandwidth monitoring and intrusion alerts. Both pfSense and the Antec case can support a nice display. Replacing the wireless bridge with the Asus PCE-N13 would also reduce the cable tangle behind the router. And maybe we'll install Tarpit for a little fun…

More Stuff

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I can't give you anything more than package because I am not a plex user.I just packed pre-compiled binary into entware ipk to install easily.You have...
Howdy all,I am writing this in hopes of getting some advice from people who are more experienced with NAS devices than myself. I currently use Onedriv...
Hi,RT-AC86C 384.12_alpha1-g40c9e42009Apologies if this has been covered, I looked but could not find a specific response.I am using Smart Connect on t...
After 4 days, Port Forwarding rule disappears from router. It can be easily reentered and will persist for approximately the same period, before disap...
I live in a complex that has great broadband. I have been annoyed with my Linksys's inability to keep things running, and since my alexa stuff does no...

Don't Miss These

  • 1
  • 2
  • 3