A small quirk about pfSense (should be the same for other gateways): For stateful connections, Rule matching strictly follows the direction of the handshake, and thereafter all packets of the connection match the same Rule *regardless of direction*.
Things become interesting when a Rule includes advanced settings like Limiters. For example: you want to use a Limiter to restrict the download speed of a local IP (say, under pfSense's LAN subnet), and the download connection is initiated by this IP, connecting to an external server.
Then you need to set up a Rule on the LAN interface (not WAN), put the IP to be limited in the Source field(!), and apply the Limiter to the Out direction.
Explanation: The handshake goes from this IP to the external server, so every packet of the connection is matched against the Rules using the handshake's direction (source is the local IP, destination is the external server), even though the actual download packets are sent from the external server to this IP. This is somewhat counterintuitive.
As for the Limiter direction: download packets leave pfSense heading to this IP, so it's the Out direction.
Similarly, if this IP has opened a port to the external network and the connection is initiated from outside, then packets sent from outside to this IP are not subject to the Limiter restriction mentioned above, even though in both cases data is being sent from outside to this IP.
#netops
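
The behaviour described above, as an added example that is not pfSense code: a toy two-interface model in which the Rule that admits the handshake packet is stored in a state table and reused for every later packet of that flow in either direction. The class and pipe names, the addresses and the omission of NAT are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    iface: str                      # interface the rule is attached to
    src: str                        # source IP, or "any"
    dst: str                        # destination IP, or "any"
    in_pipe: Optional[str] = None   # Limiter for packets entering iface
    out_pipe: Optional[str] = None  # Limiter for packets leaving iface

class Gateway:
    """Toy two-interface (lan/wan) stateful filter; NAT is left out."""
    def __init__(self, rules):
        self.rules = rules
        self.states = {}  # direction-independent flow key -> admitting rule

    def limiter_for(self, arrival_iface, src, dst):
        """Return the Limiter applied to a packet given as 'ip:port' endpoints."""
        key = frozenset((src, dst))
        rule = self.states.get(key)
        if rule is None:
            # Handshake packet: rules are evaluated with direction.
            src_ip, dst_ip = src.split(":")[0], dst.split(":")[0]
            rule = next((r for r in self.rules
                         if r.iface == arrival_iface
                         and r.src in (src_ip, "any")
                         and r.dst in (dst_ip, "any")), None)
            if rule is None:
                raise PermissionError(f"no rule admits {src} -> {dst}")
            self.states[key] = rule
        # Established flow: same rule in both directions; only in/out differs.
        return rule.in_pipe if arrival_iface == rule.iface else rule.out_pipe

def demo():
    host = "192.168.1.50"  # constructed LAN address
    gw = Gateway([
        Rule("lan", src=host, dst="any", out_pipe="download_limit"),
        Rule("wan", src="any", dst=host),  # opened port, no Limiter
    ])
    return {
        # Host-initiated download from a constructed server address.
        "syn_from_host": gw.limiter_for("lan", f"{host}:51000", "203.0.113.10:443"),
        "download_data": gw.limiter_for("wan", "203.0.113.10:443", f"{host}:51000"),
        # Connection initiated from outside to the opened port.
        "syn_from_outside": gw.limiter_for("wan", "198.51.100.7:40000", f"{host}:8080"),
        "inbound_data": gw.limiter_for("wan", "198.51.100.7:40000", f"{host}:8080"),
    }

if __name__ == "__main__":
    print(demo())
```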