Here I show how to configure OPNsense Firewall rules.
We need firewall rules so that only the kali vm can talk to whatever vulnerable machines we are pentesting and so that the vulnerable machines don't have access to the internet or your host OS.
We will first configure CyberRange.
Click Firewall > Rules > CyberRange then the red Plus (+) to the right to add a rule.
First Rule:
Action: Block
Interface: CyberRange
TCP/IP Version: IPv4+IPv6
Destination: WAN net
Description: Block access to any on same network as host OS
Click save.
Should look like this.
Cyber Range Isolated Rules
Action: Pass
Interface CyberRangeIsolated
TCP/IP Version: IPv4
Destination: Single host or Network = 10.0.0.2/32
Description: Allow packets to kali vm
Click save and add another rule.
Set to 32 for single host
Second Isolated Rule:
TCP/IP Version: IPv4+IPv6
Protocol: TCP/UDP
Source: CyberRangeIsolated net
Destination: CyberRangeIsolated address
Destination Port range: DNS (53)
Description: Allow local DNS lookups.
Click save and add one more rule.
Last Rule for Cyber Range Isolated:
Action: Block
TCP/IP Version: IPv4+IPv6
Source: CyberRangeIsolated net
Description: Block access to everything.
Yours should look similar
AD-LAB Rules
Action:Block
Interface: AD_LAB
TCP/IP Version: IPv4 + IPv6
Destination:Isolated net
Description: Block packets to Isolated network
Click Save
Add another rule:
Action: Block
TCP/IP Version: IPv4+IPv6
Destination: WAN net
Description: Block packets to host network.
Click save
Add one final rule:
Action: Pass
TCP/IP Version: IPv4+IPv6
Description: Allow access to all other subnets and internet
