Virtual Home Lab Setup for Cybersecurity - Part 8: Configuring New Firewall Interfaces
Part 8: Configuring New Firewall Interfaces
Overview
To set up Splunk and then our new malware lab, we’ll need to set up two new interfaces on our firewall: DFIR & ISOLATED. We’ll set these up using the CLI, then move on to building the labs.
Prerequisites
To use the VirtualBox CLI, we need to add its path to our environment. To do this, open File Explorer and navigate to C:\Program Files\Oracle\VirtualBox. This should take you to the VirtualBox install location; verify you have a file called VBoxManage.exe in here. Now, search for “Environment” on your PC, and open “Edit the system environment variables”.
In the menu that opens up, select “Environment Variables”. In the “Environment Variables” window, click “Path” then “Edit”. In the “Edit” window, click “New” and paste in the path to your VirtualBox installation. Press “OK” on each window to confirm.
To verify this has worked, open PowerShell and run VBoxManage list vms.
Creating the Interfaces
Make sure your pfSense VM is powered off. In your PowerShell window, run the following commands to create three new interfaces:
VBoxManage modifyvm "pfSense" --nic5 intnet
VBoxManage modifyvm "pfSense" --nictype5 virtio
VBoxManage modifyvm "pfSense" --intnet5 "LAN 3"
VBoxManage modifyvm "pfSense" --cableconnected5 on
VBoxManage modifyvm "pfSense" --nic6 intnet
VBoxManage modifyvm "pfSense" --nictype6 virtio
VBoxManage modifyvm "pfSense" --intnet6 "LAN 4"
VBoxManage modifyvm "pfSense" --cableconnected6 on
VBoxManage modifyvm "pfSense" --nic7 intnet
VBoxManage modifyvm "pfSense" --nictype7 virtio
VBoxManage modifyvm "pfSense" --intnet7 "LAN 5"
VBoxManage modifyvm "pfSense" --cableconnected7 on
Back in VirtualBox, you should now see seven total interfaces on the pfSense VM. If you want to modify these interfaces later, you’ll need to do so via the command line.
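One way to confirm that adapters 5 to 7 took the settings above, as an added example that is not part of the original post: it parses the key="value" lines printed by VBoxManage showvminfo "pfSense" --machinereadable and compares them with the values from the modifyvm commands. The sample output is constructed, with adapter 7 deliberately mis-set so that it would share the "LAN 4" segment with adapter 6.

```python
import re

# Expected per-adapter settings, taken from the modifyvm commands above.
COMMON = {"nic": "intnet", "nictype": "virtio", "cableconnected": "on"}
EXPECTED = {slot: {**COMMON, "intnet": name}
            for slot, name in ((5, "LAN 3"), (6, "LAN 4"), (7, "LAN 5"))}

# Constructed sample of the adapter lines in the machine-readable output.
# Adapter 7 is wrong on purpose: wrong network name and cable unplugged.
SAMPLE = """\
nic5="intnet"
nictype5="virtio"
intnet5="LAN 3"
cableconnected5="on"
nic6="intnet"
nictype6="virtio"
intnet6="LAN 4"
cableconnected6="on"
nic7="intnet"
nictype7="virtio"
intnet7="LAN 4"
cableconnected7="off"
"""

# key<slot>="value"; the quotes are optional, lines without a slot are ignored.
LINE = re.compile(r'^([A-Za-z_]+)(\d+)="?(.*?)"?$')

def parse_nics(text):
    """Return {slot: {key: value}} for every numbered key in the output."""
    nics = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            nics.setdefault(int(m.group(2)), {})[m.group(1)] = m.group(3)
    return nics

def check_nics(text, expected=EXPECTED):
    """List every expected adapter setting that is missing or different."""
    nics = parse_nics(text)
    problems = []
    for slot, want in expected.items():
        have = nics.get(slot, {})
        for key, value in want.items():
            if have.get(key) != value:
                problems.append(f"{key}{slot}: expected {value!r}, found {have.get(key)!r}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_nics(SAMPLE)))
```

To check a real VM, pass the captured showvminfo text to check_nics; an empty list means adapters 5 to 7 match the commands above.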
Configuring OPT3
Power the pfSense firewall on. Once it’s on, we won’t see our new interfaces yet; we need to onboard them. Press “1” to begin assigning interfaces, type “n” to skip assigning VLANs, and name the interfaces “vtnet0”, “vtnet1”, “vtnet2”, “vtnet3”, “vtnet4”, “vtnet5” and “vtnet6”. Once done, you should now see “OPT3”, “OPT4” and “OPT5” as interfaces.
To configure “OPT3”, press “2”, then pick option “5”. Configure the following:
Configure IPv4 Address OPT3 Interface via DHCP?: n
Enter the New OPT3 IPv4 Address: 10.99.99.1
Enter the new OPT3 IPv4 Subnet Bit Count: 24
Press Enter for none
Configure IPv6 Address OPT3 Interface via DHCP6: n
Press Enter for none
Do you want to enable the DHCP server on OPT3?: y
Enter start address: 10.99.99.11
Enter end address: 10.99.99.243
Do you want to revert to HTTP as the webConfigurator protocol?: n
Now, launch the Kali management VM and sign into the pfSense admin dashboard. From the dashboard, select “Interfaces” and “OPT3”. Change the description to “ISOLATED”, save and apply the changes. Now, select “Firewall”, then “Rules” and choose the “ISOLATED” interface. We only need one rule; configure the following:
Action: Block
Address Family: IPv4 + IPv6
Protocol: Any
Source: ISOLATED Subnets
Destination: Any
Description: Block access to everything.
Choose “Save” and then “Apply” to persist the rule. Reboot pfSense by selecting “Diagnostics” and “Reboot”.
Configuring OPT4
Back in the pfSense console press “2”, then pick option “6” to configure OPT4. Configure the following:
Configure IPv4 Address OPT4 Interface via DHCP?: n
Enter the New OPT4 IPv4 Address: 10.10.10.1
Enter the new OPT4 IPv4 Subnet Bit Count: 24
Press Enter for none
Configure IPv6 Address OPT4 Interface via DHCP6: n
Press Enter for none
Do you want to enable the DHCP server on OPT4?: y
Enter start address: 10.10.10.11
Enter end address: 10.10.10.243
Do you want to revert to HTTP as the webConfigurator protocol?: n
Now, back to the Kali management VM and the pfSense admin dashboard. From the dashboard, select “Interfaces” and “OPT4”. Change the description to “DFIR”, save and apply the changes. Now, select “Firewall”, then “Rules” and choose the “DFIR” interface. Configure the following rules:
Rule 1:
Action: Block
Address Family: IPv4 + IPv6
Protocol: Any
Source: DFIR Subnets
Destination: WAN Subnets
Description: Block access to services on WAN interface.
Rule 2:
Action: Block
Address Family: IPv4 + IPv6
Protocol: Any
Source: DFIR Subnets
Destination: LAN Subnets
Description: Block access to services on LAN interface.
Rule 3:
Action: Pass
Address Family: IPv4 + IPv6
Protocol: Any
Source: DFIR Subnets
Destination: Any
Description: Allow traffic to all other subnets and internet.
Choose “Save” and then “Apply” to persist the rules. Reboot pfSense by selecting “Diagnostics” and “Reboot”.
And we’re set! Next, we’ll install Ubuntu and configure Splunk to receive logs from our server.
Configuring OPT5
Back in the pfSense console press “2”, then pick option “7” to configure OPT5. Configure the following:
Configure IPv4 Address OPT5 Interface via DHCP?: n
Enter the New OPT5 IPv4 Address: 10.33.33.1
Enter the new OPT5 IPv4 Subnet Bit Count: 24
Press Enter for none
Configure IPv6 Address OPT5 Interface via DHCP6: n
Press Enter for none
Do you want to enable the DHCP server on OPT5?: y
Enter start address: 10.33.33.11
Enter end address: 10.33.33.243
Do you want to revert to HTTP as the webConfigurator protocol?: n
Now, back to the Kali management VM and the pfSense admin dashboard. From the dashboard, select “Interfaces” and “OPT5”. Change the description to “ATTACKER”, save and apply the changes. Now, select “Firewall”, then “Rules” and choose the “ATTACKER” interface. Configure the following rules:
Rule 1:
Action: Block
Address Family: IPv4 + IPv6
Protocol: Any
Source: ATTACKER Subnets
Destination: WAN Subnets
Description: Block access to services on WAN interface.
Rule 2:
Action: Block
Address Family: IPv4 + IPv6
Protocol: Any
Source: ATTACKER Subnets
Destination: ISOLATED Subnets
Description: Block access to services on ISOLATED interface.
Rule 3:
Action: Pass
Address Family: IPv4 + IPv6
Protocol: Any
Source: ATTACKER Subnets
Destination: Any
Description: Allow traffic to all other subnets and internet.
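The rule sets for ISOLATED, DFIR and ATTACKER, modelled as an added example (not part of the original post) to show which segments can still reach each other. pfSense evaluates rules on the interface where traffic enters, top-down, first match wins, with a default deny when nothing matches. Assumptions: the WAN and LAN subnets are not given on this page and are placeholders here, DFIR rule 2 is taken to target LAN subnets as its description says, and the ATTACKER pass rule is taken to be sourced from ATTACKER subnets.

```python
from ipaddress import ip_address, ip_network

# ISOLATED, DFIR and ATTACKER subnets come from this page.
# WAN and LAN are placeholders (documentation ranges), not the lab's real values.
NETS = {
    "ISOLATED": ip_network("10.99.99.0/24"),
    "DFIR": ip_network("10.10.10.0/24"),
    "ATTACKER": ip_network("10.33.33.0/24"),
    "WAN": ip_network("192.0.2.0/24"),
    "LAN": ip_network("198.51.100.0/24"),
}

# (action, source subnet, destination subnet or "any"), in rule order.
RULES = {
    "ISOLATED": [("block", "ISOLATED", "any")],
    "DFIR": [("block", "DFIR", "WAN"),
             ("block", "DFIR", "LAN"),
             ("pass", "DFIR", "any")],
    "ATTACKER": [("block", "ATTACKER", "WAN"),
                 ("block", "ATTACKER", "ISOLATED"),
                 ("pass", "ATTACKER", "any")],
}

def decide(iface, src, dst, rules=RULES):
    """First matching rule on the ingress interface wins; no match is a deny."""
    src, dst = ip_address(src), ip_address(dst)
    for action, rule_src, rule_dst in rules.get(iface, []):
        if src in NETS[rule_src] and (rule_dst == "any" or dst in NETS[rule_dst]):
            return action
    return "block"

def reachability(rules=RULES):
    """Map (ingress segment, destination name) to pass/block, one probe host each."""
    probes = {name: str(net.network_address + 50) for name, net in NETS.items()}
    probes["INTERNET"] = "203.0.113.10"  # constructed external address
    return {(iface, name): decide(iface, probes[iface], addr, rules)
            for iface in rules
            for name, addr in probes.items() if name != iface}

if __name__ == "__main__":
    for (src, dst), verdict in reachability().items():
        print(f"{src:9} -> {dst:9} {verdict}")
```

The matrix shows that the final pass rule leaves DFIR able to reach ISOLATED and ATTACKER, and ATTACKER able to reach DFIR and LAN; add block rules above the pass rule for any of those paths the lab should not have.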