Summary
This project documents a small OPNsense lab built to practise firewalling, segmentation thinking, and basic security monitoring. The main value is not that OPNsense is installed. The main value is proving that traffic can be allowed or blocked deliberately, that the result can be validated from both the endpoint side and the firewall side, and that the logs can be read with context.
Current Scope
The project stays within a focused lab design:
- one OPNsense firewall VM
- one attacker system such as Kali or another Linux VM
- one victim system such as Ubuntu
- one internal path through the firewall
- one rule change that clearly affects traffic flow
- one short log-analysis walkthrough
That scope is enough to demonstrate firewall logic without turning the lab into a full network redesign project.
Concrete Scenario Added
The main scenario added in this phase is an attacker-to-victim path across OPNsense:
- the attacker VM attempts to reach the victim VM
- OPNsense evaluates the connection against firewall rules
- allowed and blocked behaviour is compared
- the firewall logs are reviewed to confirm exactly what happened
This is the missing part that turns the project into a defendable security story. It shows not only configuration, but also outcome and evidence.
What This Project Is Meant To Show
This lab is meant to show four practical ideas:
- the difference between “firewall installed” and “traffic actually controlled”
- why rule order and default-deny thinking matter
- how to confirm a block event from logs instead of guessing
- how a small homelab can still demonstrate network-security reasoning
Public Project Pages
Evidence Worth Capturing
- OPNsense dashboard
- the relevant firewall rule list
- the attacker test command
- the failed or successful connection result on the endpoint side
- the matching OPNsense log entry
- one short analyst note explaining why the traffic was blocked or allowed
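As an added example (not part of the project's own notes), the following Python script turns the attacker test, the matching OPNsense log entry and the analyst note from the scenario above into one check. It assumes the filterlog CSV field order (rule number, label, interface, reason, action, direction, IP version, then the IPv4 and TCP/UDP fields) and uses constructed sample lines with placeholder lab addresses; confirm the column positions against your own firewall's live log before relying on them.

```python
import csv
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in OPNsense filterlog CSV form, syslog prefix removed.
# Assumed layout: rulenr,subrulenr,anchor,label,iface,reason,action,dir,ipver,
#   IPv4: tos,ecn,ttl,id,offset,flags,protonum,protoname,length,src,dst,
#   TCP/UDP: srcport,dstport,...   (addresses and labels are lab placeholders)
SAMPLE_LOG = """\
5,,,1000000103,vtnet1,match,block,in,4,0x0,,64,23456,0,DF,6,tcp,60,10.10.20.5,10.10.30.10,41234,22,0,S,3111111111,,64240,,mss;sackOK;TS;nop;wscale
7,,,lab-allow-http,vtnet1,match,pass,in,4,0x0,,64,23457,0,DF,6,tcp,60,10.10.20.5,10.10.30.10,41235,80,0,S,3111111112,,64240,,mss;sackOK;TS;nop;wscale
5,,,1000000103,vtnet1,match,block,in,4,0x0,,64,23458,0,DF,17,udp,48,10.10.20.5,10.10.30.10,51000,53,28
"""

@dataclass
class FilterEvent:
    rulenr: str
    label: str
    iface: str
    action: str      # "block" or "pass"
    direction: str   # "in" or "out" relative to iface
    proto: str
    src: str
    dst: str
    srcport: Optional[int]
    dstport: Optional[int]

def parse_line(line: str) -> FilterEvent:
    """Parse one filterlog CSV record (IPv4 only, to keep the example short)."""
    f = next(csv.reader([line]))
    if f[8] != "4":
        raise ValueError("only IPv4 records are handled here")
    proto = f[16]
    ports = (int(f[20]), int(f[21])) if proto in ("tcp", "udp") else (None, None)
    return FilterEvent(f[0], f[3], f[4], f[6], f[7], proto, f[18], f[19], *ports)

def confirm_path(log_text: str, src: str, dst: str, dstport: int, proto: str = "tcp") -> List[FilterEvent]:
    """Return the logged decisions for one attacker->victim flow (src, dst, proto, dstport)."""
    events = (parse_line(ln) for ln in log_text.splitlines() if ln.strip())
    return [e for e in events
            if (e.src, e.dst, e.proto, e.dstport) == (src, dst, proto, dstport)]

def analyst_note(events: List[FilterEvent]) -> str:
    """One-line note tying the endpoint result to the rule that decided it."""
    if not events:
        # Pass rules only appear when logging is enabled on them; absence is not proof of a block.
        return "NO MATCHING LOG ENTRY: check rule logging before concluding anything"
    e = events[-1]   # most recent decision for this flow
    verdict = "BLOCKED" if e.action == "block" else "ALLOWED"
    return (f"{verdict}: {e.src} -> {e.dst} {e.proto}/{e.dstport} matched rule {e.rulenr} "
            f"(label {e.label}) on {e.iface}, direction {e.direction}")
```

Run `analyst_note(confirm_path(SAMPLE_LOG, "10.10.20.5", "10.10.30.10", 22))` against the sample to see the block on tcp/22 tied to rule 5, and compare with port 80 to see the pass.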
Private Working Notes
There is an older internal implementation note in this folder that remains private for now because it still reads like a long setup tutorial. The public project should stay tighter and focused on evidence.