Those who know me well know I'm passionate about Open Source. More recently, Open Source Intelligence — I know, sounds like an oxymoron, right?

But how do you use Open Source Intelligence with an Open Source Firewall running IDS/IPS? Follow me for fortnightly updates on how I built a firewall using pfSense with Open Source Intelligence threat feeds to protect my family.

The idea is simple: combine freely available threat intelligence — malicious IP lists, domain blocklists, botnet C2 feeds, and more — with a pfSense firewall running Snort or Suricata as the IDS/IPS engine. The result is a network perimeter that's constantly informed by real-world threat data, automatically blocking known-bad actors before they can reach anything on the inside.

This isn't just a home lab curiosity. The same principles apply at enterprise scale — the difference is mostly in the tooling budget, not the methodology. If you can build it at home with open source tools, you understand the fundamentals well enough to implement and defend it anywhere.
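As an added illustration (not code from this build), here is one way to sanitize a raw IP threat feed before the firewall loads it, so that a malformed or poisoned entry cannot block the LAN or the whole internet. The feed contents, the `MIN_PREFIX` policy and the function names are assumptions, and the output is a one-CIDR-per-line text file of the kind a pfSense URL table alias can point at.

```python
import ipaddress

# Ranges that must never be blocked (assumes an RFC 1918 LAN).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
MIN_PREFIX = 16  # assumed policy: refuse anything broader than a /16

# Constructed sample feed using documentation ranges, not real indicators.
SAMPLE_FEED = """\
# constructed example feed
203.0.113.7
203.0.113.0/25 ; covers the entry above
198.51.100.23 # inline comment
192.168.1.1
0.0.0.0/0
not-an-ip
2001:db8::/32
198.51.100.23
"""

def parse_feed(text, allowlist=()):
    """Return (networks, rejected) from a plain-text IPv4 feed."""
    protected = PROTECTED + [ipaddress.ip_network(a) for a in allowlist]
    keep, rejected = [], []
    for raw in text.splitlines():
        # Drop '#' and ';' comments, then surrounding whitespace.
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "unparseable"))
            continue
        if net.version != 4:
            rejected.append((entry, "not IPv4"))
        elif net.prefixlen < MIN_PREFIX:
            rejected.append((entry, "too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((entry, "protected range"))
        else:
            keep.append(net)
    # collapse_addresses drops duplicates and entries covered by a wider one.
    return list(ipaddress.collapse_addresses(keep)), rejected

def to_alias_file(networks):
    """Render one CIDR per line for loading as a block-list table."""
    return "".join(f"{n}\n" for n in networks)
```

Logging the `rejected` list on every refresh is worthwhile: a sudden jump in "too broad" or "protected range" entries is a sign the upstream feed has changed format or been tampered with.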