Firewall Rules

Here I show how to configure OPNsense Firewall rules.

We need firewall rules so that only the kali vm can talk to whatever vulnerable machines we are pentesting and so that the vulnerable machines don't have access to the internet or your host OS.

We will first configure CyberRange.

Click Firewall > Rules > CyberRange then the red Plus (+) to the right to add a rule.

First Rule:

Action: Block

Interface: CyberRange

TCP/IP Version: IPv4+IPv6

Destination: WAN net

Description: Block access to any on same network as host OS

Click save.

Should look like this.

Cyber Range Isolated Rules

Action: Pass

Interface CyberRangeIsolated

TCP/IP Version: IPv4

Destination: Single host or Network = 10.0.0.2/32

Description: Allow packets to kali vm

Click save and add another rule.

Set to 32 for single host

Second Isolated Rule:

TCP/IP Version: IPv4+IPv6

Protocol: TCP/UDP

Source: CyberRangeIsolated net

Destination: CyberRangeIsolated address

Destination Port range: DNS (53)

Description: Allow local DNS lookups.

Click save and add one more rule.

Last Rule for Cyber Range Isolated:

Action: Block

TCP/IP Version: IPv4+IPv6

Source: CyberRangeIsolated net

Description: Block access to everything.

Yours should look similar

AD-LAB Rules

Action: Block

Interface: AD_LAB

TCP/IP Version: IPv4 + IPv6

Destination:Isolated net

Description: Block packets to Isolated network

Click Save

Add another rule:

Action: Block

TCP/IP Version: IPv4+IPv6

Destination: WAN net

Description: Block packets to host network.

Click save

Add one final rule:

Action: Pass

TCP/IP Version: IPv4+IPv6

Description: Allow access to all other subnets and internet

Click Save and Apply changes.

Yours should look similar