Discord/Gaming Rules
-
So, on my firewall, I have my initial deny-any rules on all interfaces. But, I would like to access Discord VoIP and play some games online (such as Old School RuneScape). How can I restrict my access to not just the ports that those services need, but also the destinations? They all will be using IP pools and do not make public the IPs they use for security reasons, so can I find a way to achieve my access control without making a rule that allows <game_ports> to all destination IPs?
-
If you want to limit the access to a list of known IPs, then you need to know this list of IPs.
Without the IPs, there is little you can do, except for allowing 'any' as a destination.
You could discover this list of IPs over time.
Make a pass rule with the known ports, to any destination IP. Make this rule log.
Over time, inspect the logs, and note down all the different IPs you find. Add these IPs to a list (firewall alias).
Then, above your initial pass to any limited to port rule, add a pass rule that uses this alias, and the destination ports.
If all goes well, your now second rule starts to log less and less.
If it logs something, you've found another IP that wasn't in the, now at the top, alias pass rule. Add this IP to the alias.
And so on.
Keep in mind: this is a never-ending story. The game host can remove IPs whenever it wants, and add other IPs whenever it wants.
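The log-review loop described in this answer can be scripted; the following is an added example, not part of the original post. The CSV log layout, the port list, the addresses and the `review_log` name are all assumptions made for illustration, and the stale-entry report is only meaningful if the alias pass rule logs as well.

```python
import csv, io, ipaddress
from collections import Counter

# Constructed sample export from the logging pass rules (assumed CSV layout):
# timestamp,action,proto,src,dst,dst_port
SAMPLE_LOG = """\
2024-05-01T18:00:01,pass,udp,192.168.1.20,203.0.113.10,50010
2024-05-01T18:00:02,pass,udp,192.168.1.20,203.0.113.10,50011
2024-05-01T18:05:40,pass,tcp,192.168.1.20,198.51.100.7,43594
2024-05-01T18:06:00,block,tcp,192.168.1.20,198.51.100.99,43594
2024-05-01T18:07:12,pass,tcp,192.168.1.20,192.0.2.55,443
2024-05-01T18:09:30,pass,udp,192.168.1.20,203.0.113.44,50020
2024-05-01T18:09:31,pass,udp,192.168.1.20,203.0.113.44,50021
not,a,valid,line
"""
# Sample (proto, low_port, high_port) entries; replace with the ports you allow.
GAME_PORTS = [("udp", 50000, 50100), ("tcp", 43594, 43594)]

def review_log(log_text, alias, rules):
    """Return (new_ips, stale): destinations passed on the allowed ports that
    are not in the alias yet (with hit counts), and alias entries that saw no
    traffic in this log and may have been retired by the service."""
    alias_nets = [ipaddress.ip_network(a) for a in alias]
    new_ips, seen = Counter(), set()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6 or row[1] != "pass":
            continue  # skip malformed lines and blocked traffic
        try:
            dst, port = ipaddress.ip_address(row[4]), int(row[5])
        except ValueError:
            continue  # unparsable address or port
        if not any(p == row[2] and lo <= port <= hi for p, lo, hi in rules):
            continue  # passed by some other rule, not the game/VoIP ports
        hits = [n for n in alias_nets if dst in n]
        if hits:
            seen.update(hits)        # already covered by the alias rule
        else:
            new_ips[str(dst)] += 1   # candidate to add to the alias
    stale = sorted(str(n) for n in alias_nets if n not in seen)
    return new_ips, stale

if __name__ == "__main__":
    new, stale = review_log(SAMPLE_LOG, ["203.0.113.10", "203.0.113.200"], GAME_PORTS)
    for ip, hits in new.most_common():
        print(f"add to alias? {ip} ({hits} hits)")
    print("no traffic seen, review:", stale)
```

Check who owns each reported address before adding it, since anything that used those ports ends up in the fallback rule's log.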
-
@Gertjan I am guessing there is no tool out there to help with getting the IPs since they do indeed always change lol - manual way it is then. Thank you though, Gertjan!