OPNsense – Transparent Caching Filtering Proxy with Virus Scanning – Step 10 Final Steps

This is a pretty long guide, even before I added images, so it is broken it into sections. I hope it is easy to follow; if you find any errors, please Contact us!

Step 10 – Final Steps

In Step 1 we disabled the firewall and SELinux on the CentOS 7 server. Now that filtering is working, it’s time to re-enable those.

  1. First we need to turn back on the firewall and set it to be enabled at boot.
    Note you will need console access if you changed the SSH port!
    systemctl start firewalld.service
    systemctl enable firewalld.service
  2. Now we need to add rules to allow ICAP and HTTP, and also SSH if you changed the SSH port, and reload the firewall to apply the settings:
    firewall-cmd –permanent –add-port=80/tcp
    firewall-cmd –permanent –add-port=1344/tcp
    firewall-cmd –permanent –add-port=22/tcp    <- Change the port # to what you altered SSH to
    firewall-cmd –reload
  3. Test using this URL to verify your Antivirus scanning still works:
    http://www.eicar.org/download/eicar.com
  4. Now lets re-enable SELinux:
    nano /etc/selinux/config
    Change “SELINUX=disabled” <TO> “SELINUX=enforcing
  5. Reboot:
    shutdown -r now
  6. Log back into the CentOS server, su to root, and issue this command:
    restorecon -v /var/log/clamd.scan
  7. Verify SELinux is enforcing with this command:
    getenforce
  8. Now, lets test using a new secure site to verify everything is still working:
    https://secure.eicar.org/eicar.com
  9. If you get the Antivirus error page, then you know it’s all good!
Tagged with: , ,