@mosaati - eviltoast
  • 0 Posts
  • 2 Comments
Joined 1 year ago
cake
Cake day: October 29th, 2023

help-circle
  • Since pfsense is block first, nothing can communicate unless you have a rule that allow it to communicate. VLAN hopping is a valid problem, it can be mitigated with locked down ports with white-listed MAC addresses and vlan tags.

    I highly recommend that nothing is served on vlan0. It should be only for an admin station and network devices, you should not use the admin station unless you are performing admin activities, for every day activities you should be on another locked vlan as anyone else.

    I also highly recommend to enable IPS.