OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: aggiebeckett on August 10, 2018, 06:36:34 am

Title: Only Allow Certain User Group to manage FW rules on specific interface.
Post by: aggiebeckett on August 10, 2018, 06:36:34 am

I'm currently in the process of developing a Cyber Attack Scenario that Citys and Municipalities can use to give their IT and Security personnel the opportunity for some real-world Cyber training. For this scenario, I'm planning to have a would-be group of actors attack simulated critical infrastructure and key resources systems for a made up city. And have the students attempt to mitigate the attack. These systems networks will all be routed through OPNsense routers and firewalls. I'm not planning to integrate any authentication besides local. I'm wondering if it is currently possible on the 18.1 Series to only allow User Groups to manage Firewall Rules on specific Interfaces. My reasoning for this is I would like the students to be able to manage the simulated infrastructure network and firewall rules without being able to manage other interfaces. Since this is a completely offline sandbox environment the attacker subnets will run through the routers as well. I've been looking around within the GUI and reading up on the documentation available online but don't seem to see anything regarding this feature. So I've turned to you great people of the OPNsense forums as my last bastion of hope that this is feasible. I'm comfortable with the shell if it isn't possible via the web GUI. Any help would be greatly appreciated.

I tried searching around on the Forums for this question but couldn't seem to find anything regarding my issue. Please excuse me if this has already been answered.