Home Firewall - Protectli Box using PF Sense

Protectli PFsense Firewall Jan 2022713×708 49.9 KB

Just installed this monster!! Home firewall using a Protectli box, PFsense software and my VPN provider.

I’m hesitantly calling it mission success on first try, because it has dropped connection twice already, but a quick reboot/login fixed it, so I have a lot of homework to do yet in the settings and setup. But wanted to encourage others to check this option out as a robust way to stay private on your whole home network.

At first, I ran VPN (PIA) for years on phone and computers, with the need to login on each device every time.

Then I discovered the small travel router called a Beryl (GL iNet) which works excellent, it’s about $80 so not too crazy, very portable if you travel a lot, and handles reasonable speeds for general email/browsing needs. I find this still a good option unless you need blazing fast speeds.

But this upgrade is excellent, it provides a firewall where you have many options; I chose to use PF sense software and my PIA account on it, which means anything I connect to this thing is behind the VPN, with the need for only one login. Still nice to have the VPN on the phone for when traveling outside of home network, but on the Protectli firewall box, everything is protected. (I plan to switch to a home brew VPN or maybe Proton VPN when my PIA runs out, still researching that stuff)

You can hook up wifi router, configure an open port for streaming Netflix/gaming, etc and comes in 2 port, 4 port or 6 port models, I’m using the 4 port which is overkill for most, but wasn’t that much more spendy than the 2 port. They aren’t cheap, but they appear to be very high quality.

Next goal is to hook up my 8 port network managed switch to one of the ports to add printers and other machines, including NAS storage on some Raspberry Pi’s. (prefer to keep as much wired to avoid wifi scanning giving up my location anytime a cell gets within range)

To complete this/figure this project out, I ran through the steps in Bazzell’s privacy book, or you can view the steps here on his site: IntelTechniques pfSense Firewall (I feel like a salesman for him, but I give him credit to pulling me into this world of privacy, tech and ultimately led me to this community)

If anyone has any input or experience with these things, please fire away! I have much to learn on this. I understand folks are using much cheaper RP4’s to accomplish basically the same thing as this, but this monster is compact and has excellent heat sinks for handling gigabit internet tasks, where I think the RP4 would limit out/overheat with heavy use.

Still rocking and rolling with Protectli box using PF Sense, I like this thing; on occasion I need to reboot the box, but it is worth the effort considering it protects all connected devices against giving up true IP address.

I’m thinking of moving the router portion to the modem/provided box from ISP so that wifi scanning doesn’t give up my geo location and connect that to the box, but maybe that’s overkill?

So far it’s quite robust and working well, I highly recommend once you can save enough pennies to grab a Protectli box.

Here’s a short write up to share with friends to help them configure their own firewall:

pfSense Home Firewall - Resources and Information

What is pfSense / a home firewall? pfSense is free and open source software (FOSS) that you can install on certain devices that create an internet firewall to help protect your online identity, and to upgrade your security, with the right settings configured. The pfSense default settings are already a great starting point, so initial installation is quite easy and a good start for many of us. A great, easy, and robust, no-nonsense device is the Protectli box mentioned below, but to see what other devices can be used, and to learn more about pfSense, visit their site here: https://www.pfsense.org/

You have a wide range of options on physical configuration of your network, but at a macro look, your pfSense box is the first thing you plug your outside / incoming internet service into (unless you have DSL, in which case you need the modem first, then into your pfSense box), then to either a router, and/or your computer via LAN ethernet connection. The below diagram shows all LAN connections, but a router could be added to either the pfSense firewall or your network switch.

If you need additional ports for running additional ‘drops’ or LAN connections, you can use a managed switch to increase the number of ports to add more devices like printers or other computers, etc. See options for switches on this blog to get an idea: The Top 10 Best Selling NETGEAR Switches Comms Express | Latest Blog Posts

I prefer to hard-wire connections whenever possible, but most of us still rely on a wireless router for at least some functions such as connecting your phone. Perhaps you have a separate router for a home security camera setup. Regardless, when you have your proper setup with pfSense, you no longer need a VPN on any device that connects to your network since your pfSense box handles that for you already. This is also advantageous for saving money on paid VPN services, many of which limit the number of devices that can be used with various tiers of payment plans. For example, I used PIA VPN service for a long time with a limit of 5 devices; I could use one for my pfSense firewall which protects all of my home devices, and the others for our phones and laptops for when we are away from our home network.

One of my favorite content creators on all things digital privacy, Michael Bazzell’s podcast called ‘Privacy, Security and OSINT’ and his website and books also offer additional information: (and further sources listed below Bazzell’s content)

https://inteltechniques.com/firewall/

^^ (Bazzell’s scripts/settings, are now only updated for Proton VPN- for other VPN providers, you will need to configure it yourself instead of using these scripts he provides. )

Here’s an excellent example of the hardware to put it on: (2 port is plenty for most home users, but the 4 port is not much more expensive, and the option I went with so that there is room for growth; you may also want the bigger ones if you have fast internet)

Protectli Vault – (from inteltechniques.com)

We currently recommend the Protectli Vault for home firewalls with the following minimal specs:

Memory: 4GB
Storage: 32GB
Wi-Fi: None
BIOS: Coreboot

The following direct purchase links are pre-configured for use as a Firewall:

2-Port FW2B: amzn.to/2NRIfpA
4-Port FW4B: amzn.to/31jMzlk
6-Port FW6B: amzn.to/3lPBaCo

If you have home internet speeds over 200mbps, choose the 4-port or 6-port. If your home internet speed is over 300mbps, choose the 6-port. If you want to have a non-VPN port for Netflix or other streaming, choose the 4-port or 6-port.

The following podcasts are listed newest to oldest, so it may be best to start from the oldest and work your way to the newest to better understand the content Bazzell presents on firewalls (links are for Castbox, but I included the Episode number for each one if you use a different platform, for easy reference):

^^ pfSense update Bazzell E p 251 ‘Privacy, Security and OSINT’ podcast

^^ Ep 207 ‘Privacy, Security and OSINT’ podcast

^^ the trouble with VPN’s Ep 183 ‘Privacy, Security and OSINT’ podcast

^^ Ep 166 ‘Privacy, Security and OSINT’ podcast

^^ home firewalls Ep 049 ‘Privacy, Security and OSINT’ podcast

Other good videos explaining pfSense software and configuration:

^^N etwork C huck – great overview of pfSense and how to install/configure

^^ In depth configuration of pfSense presented by Lawrence Systems, this is one of many of his videos on configuration and use.

That should help you figure out if this is something you wish to tackle, I found the process fairly straightforward for initial setup, but there are many, many things we can do to tweak and configure on these boxes as you learn more about them. Excellent software, and not just for home users, but many businesses also use these. Enjoy and stay safe out there!