Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    firewall all ports blocked

    Firewalling
    5
    7
    305
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Andoniar78
      last edited by

      hello.
      i have blocked all the ports in the firewall of a captive portal opening only ports for whatsapp. The problem is that it gives me an error when connecting since the captive portal does not connect well. I have opened ports 8000,8001 and 8002 so that it connects to the captive portal ip but it still doesn't work.
      Is there any other ip port that I have to open?
      THANK YOU

      V GertjanG 2 Replies Last reply Reply Quote 0
      • V
        viragomann @Andoniar78
        last edited by

        @Andoniar78
        Which error?
        Consider to allow at least DNS for name resolution.

        1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan @Andoniar78
          last edited by Gertjan

          @Andoniar78 said in firewall all ports blocked:

          Is there any other ip port that I have to open?

          For the portal to work, you have to have at least one rule :

          e41315e5-72e9-4585-af5d-c9c52c632df9-image.png

          The second, last & 'hidden' rule will block everything.

          Now you can connect to the portal.
          But you can't 'do' anything.

          If you want certain apps to function, you need to know the ports they use. If possible, combine these with the IPv4 they use.

          @Andoniar78 said in firewall all ports blocked:

          I have opened ports 8000,8001 and 8002

          Not needed.
          As said above, just the TCPv4 UPD and TCP, destination (to the firewall) port 53 will do.
          I was able to connect to my portal using just that one rule.

          Btw : Whatsapp == facebook.
          That means an awful lot of IPv4 addresses, probably entire networks.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          A 1 Reply Last reply Reply Quote 0
          • A
            Andoniar78 @Gertjan
            last edited by Andoniar78

            @Gertjan Reglas.png
            no working this way...
            what do you mean with "hidden" rule?

            THANK YOU

            johnpozJ S GertjanG 3 Replies Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @Andoniar78
              last edited by

              @Andoniar78 please look here

              https://docs.netgate.com/pfsense/en/latest/troubleshooting/captiveportal.html#troubleshooting-captive-portal

              I would suggest you validate the captive portal works before you try and block whatever it is you want to block.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.03 | Lab VMs 2.7.2, 24.03

              1 Reply Last reply Reply Quote 0
              • S
                SteveITS Rebel Alliance @Andoniar78
                last edited by

                @Andoniar78 said in firewall all ports blocked:

                what do you mean with "hidden" rule?

                PfSense and most firewalls have a default rule on all interfaces to “block all” therefore only traffic that is allowed via rule is allowed. This is why LAN has added “allow all” rules but WAN has no added rules out of the box.

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote 👍 helpful posts!

                1 Reply Last reply Reply Quote 0
                • GertjanG
                  Gertjan @Andoniar78
                  last edited by

                  @Andoniar78 said in firewall all ports blocked:

                  what do you mean with "hidden" rule?

                  pfSense is - among others - a firewall.
                  A whole lot of nice screens, but never forget to look at this file : /tmp/rules.debug as that copy was loaded into the firewall.

                  You'll find in there the rules that are defined as the 'last rule' for every interface :

                  #---------------------------------------------------------------------------
# default deny rules
#---------------------------------------------------------------------------
block in  inet all ridentifier 1000000103 label "Default deny rule IPv4"
block out  inet all ridentifier 1000000104 label "Default deny rule IPv4"
block in  inet6 all ridentifier 1000000105 label "Default deny rule IPv6"
block out  inet6 all ridentifier 1000000106 label "Default deny rule IPv6"

                  which stands for : nothing gets in, neither out.
                  For IPv6 and Ipv6.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post