pfSense on KVM

Create VM

CPU: pass host flag into guest
Net Interface: VirtIO

Add these script into /boot/loader.conf.local

virtio_load="YES"
virtio_pci_load="YES"
if_vtnet_load="YES"
virtio_balloon_load="YES"

 

KVM + ebtables for anti guest IP spoofing

#!/usr/bin/env bash
apt update
apt install ebtables
ebtables -A FORWARD -i <vm_interface> -p IPv4 --ip-src '!' <vm_ip> -j DROP

# eg.
# ebtables -A FORWARD -i tap100i0 -p IPv4 --ip-src '!' 192.168.0.100 -j DROP

exit 0