Articles on: THREATINT

Essential Protection for Devices: pfSense®

Introduction


In this tutorial we will configure your pfSense® firewall to use THREATINT Essential Protection for Devices data feeds to add an additional layer of protection to the firewall itself and all services protected by the firewall like VPN, web, and email servers.



Prerequisites


We need a working URL in order to allow the firewall to download the content of a feed.


Rember, the URL needs to be constructed according to the following schema:


https:// fulfilment.threatint.eu /tdf & ? email= <email address> & subscription= <subscription ID> & feed= <feeds>


Kindly refer to Essential Protection for Devices: Introduction for details on how to construct the URL and which feeds are available.


Configuration


Follow these steps to configure your firewall.


Login (1 ) to your pfSense® firewall:


Select Firewall ( 1 ), Aliases ( 2 ) from the menu.


Click URLs ( 1 ), then + Add ( 2 ).



  • Enter a Name ( 1 ).
  • Select Type ( 2 ): URL Table (IPs). This alias consequently becomes a references to a URL with IP addresses, aka: a data feed.
  • Enter the URL of the feed as URL Table (IPs) ( 3 ).
  • Select Update Frequency ( 4 ): 1 from the dropdown. This value determines how often updates will get pulled from our servers. Unfortunately, every 1 day is the shortest period to select from.
  • Click Save ( 5 ).



  • Click Apply Changes ( 1 ).
  • Click the table icon ( 2 ) to check the status of the URL Table.




We have created a new firewall alias that consists of a feed being updated automatically on a daily basis. Now we need to create a firewall rule to use this alias.



Select Firewall ( 1 ), then Rules ( 2 ) from the menu.



Select WAN ( 1) to display all existing firewall rules, then Add ( 2 ).


  • Select Action ( 1 ) Block or Reject.
  • Select Interface ( 2 ): WAN.
  • Select TCP/IP Version ( 3 ) based on the feed choosen.
  • Select Protocol ( 4 ): Any
  • Select Source ( 5 ): Address or Alias and start typing the name of your firewall alias ( 6 ), select your alias from the dropdown that appears after a few characters.
  • Select Destination ( 7 ): Any.

  • Select Log packets that are handled by this rule ( 8 )
  • Click Save ( 9 ).



  • Check the position of the firewall rule you just created and move it to the top of the list ( 1 ).
  • Click Apply changes ( 2 ) to commit the changes made to the firewall rules.



Summary


Congratulations. You made it. You added an additional layer of security to your pfSense® firewall and all services protected by your firewall by using THREATINT Essential Protection for Devices data feeds.

Updated on: 10/07/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!