Book Image

Mastering pfSense - Second Edition

By : David Zientara
Book Image

Mastering pfSense - Second Edition

By: David Zientara

Overview of this book

pfSense has the same reliability and stability as even the most popular commercial firewall offerings on the market – but, like the very best open-source software, it doesn’t limit you. You’re in control – you can exploit and customize pfSense around your security needs. Mastering pfSense - Second Edition, covers features that have long been part of pfSense such as captive portal, VLANs, traffic shaping, VPNs, load balancing, Common Address Redundancy Protocol (CARP), multi-WAN, and routing. It also covers features that have been added with the release of 2.4, such as support for ZFS partitions and OpenVPN 2.4. This book takes into account the fact that, in order to support increased cryptographic loads, pfSense version 2.5 will require a CPU that supports AES-NI. The second edition of this book places more of an emphasis on the practical side of utilizing pfSense than the previous edition, and, as a result, more examples are provided which show in step-by-step fashion how to implement many features.
Table of Contents (15 chapters)

SSH login

In the previous chapter, we referred several times to configurations that can be done at the pfSense console. The same functionality is available via remote SSH login, if you enable it.

  1. To do so, navigate to System | Advanced. Make sure the Admin Access tab is selected and scroll down to the Secure Shell section of the page.
  2. Check the Secure Shell Server checkbox to enable SSH login.
  3. If all you want to do is enable traditional login via the standard SSH port (22), then you can click on the Save button at the bottom of the page.
  4. If you want to change the login port, you can do so by entering a port number other than 22 in the SSH port edit box. Changing the SSH port is a good additional security measure, especially if you plan on making SSH login accessible from the WAN side of the firewall.
  5. If you set a strong password, SSH login should be pretty secure, but you can...