@nbk333 not really asking about your specifics - I wonder why they made the switches default 1400.. That seems odd to me..

@SteveITS Finally I managed to solve this problem, at least for now. I used packet capture to see what matches I could find and port 9339 was the one that always appeared as the communication port. I prohibit the use of this port in the group where the children's phones are located and I regulate it with a schedule.

That was too easy! And it worked! thanks.

@Gblenn gaming systems did not have voice chat without STUN enabled

So your being DDoS’d? There isn't much you can do about that on consumer hardware. We get DDoS’d all the time at work, and we have special appliances that use algorithms to intercept that kind of traffic and absorb it before it hits our production hardware.

@KOM I can see that WAN is blocking that port. How to set up the rule for WAN to let it pass?

This should be fixed in 24.08, its actually an issue with miniupnpd from what i understand, and they have fixed it. Its fixed in the latest dev version of pfsense because they updated the packages, If you want states to time out like they should, then you will need to manually update the package on your pfsense box. run the update pfense to get the latest repos, and then run pkg upgrade miniupnpd from shell. this will update miniupnpd to the latest version, and should fix the states never timing out problem. I would also restart the miniupnpd service just to make sure you are using the updated package if you take this route. If not, it should be fixed in the future release.

I was making changes and said wait a second let’s check the status page

@xtreamdev what is the bottom part of UPnp Settings? You can add in specific IP addressing have you enabled that? Did you also set NAT up correctly? Static port I think the setting is for the Xbox only. https://docs.netgate.com/pfsense/en/latest/recipes/games.html

@DynamiteLotus I have always been using UPnP and have Open NAT on all my games. But it seems to me that one key element to the success here is to change the default port 3074 so that each Xbox uses a different port.. So this is not a pfsense setting or rule, it's something you have to do in each Xbox manually. I don't know anything about Xbox but it's in the guide that is linked in the original post. [image: 1717836499380-800502fe-6800-48f8-9772-bd7e18181517-image.png] https://forum.netduma.com/topic/21835-the-new-xbox-one-update-has-manual-port-selection-3074-more/

UPDATE: Turns out it was an issue with my ISP. However, I'm still wondering why my memory usage was so high (it's far lower now after a system reboot).

@Sabrcyclon Great that it's working with that setup. If you ever get the urge to do more testing, you can always try to recreate that deny rule and see if it breaks things. Then you can try limiting the ports as well, but testing takes time so question is, is it worth it... ?

9 years later! Wonder how many had this issue in that time. To save someone else hours of pulling their hair out.... Don't forget to reset state tables!!! Diagnostics / States / Reset States Rebooting the router / PC / Game did not work! Resetting state tables may take a while and not automatically refresh the page. Click on the pfsense logo and wait for the home page to load.

@JonathanLee I block DNS over HTTPS to the firewall using unbound because I have unbound running DoT. My solution to the Nintendo griping about DNS was to route it out to 1.0.0.2. I was also having issues with unbound using the ephemeral ports I was using, interrupting my sensitive codel games so had change localhost's NAT outbound.

@PickleSlice ... This might help... https://www.reddit.com/r/OPNsenseFirewall/comments/ux5h43/the_definitive_guide_to_enabling_sony_playstation/?rdt=52258

@mcury I know that AppID can detect everything when the rules are in place. I do not know the patterns but, they do not require description it seems.