Firewall rule won't block World of Warcraft / XBox360
-
Hi there,
New to these forums, and need a bit of help! :)
I've set up a rule to block internet traffic from specific LAN addresses based on a schedule. This is working fine.
However, I'm unable to block traffic created by World of Warcraft from the same IP.
In the rule, I selected ANY traffic type (as opposed to TCP/UDP) and ANY port. I thought this would cover WoW etc, but it doesn't.
I do have Squid running, and UPnP as well, and I was wondering if this is why the IP address that can't access the net, can still run Warcraft?
Any ideas or suggestions would be gratefully received.
Thanks,
MJ
-
So if you use block any from one source, is it still able to play WoW?
-
Hhhm - interesting question!
Looks like I can't block any XBox360 or WoW traffic even if I choose ANY for SOURCE, and ANY for PROTOCOL.
Taking the schedule out of it for now, something must be passing those particular packets through the firewall, ignoring the rules.
Squid?, SquidGuard (disabled for now with no improvement)?, UPnP?
???
-
Also try disabling UPnP and check what happens.
-
No difference. I've disabled UPnP and it has no effect.
However, I do have UPnP enabled on my router, which is on the WAN side of pfSense.
Would that also need to be disabled?
-
Can you view screenshots of your rules?
-
Sorry for the late reply.
It's not a rule problem, I don't believe.
I've turned off UPnP on the router, AND within pfSense, and that does indeed block WoW and XBox360.
If any one of the UPnP services is running, the ports required by these games can find a way through.
I guess Steve Gibson was right about UPnP being a bit of a vulnerability!
-
Is this solved?
-
Well, it explains why WoW and XBox360 traffic gets through using UPnP.
It still leaves me with a problem.
I can't see a simple way to block traffic of this type on a schedule. I need to Port Forward a long list of ports so that WoW and XBoxLive etc. work only when I want (i.e. has a cut off time during school nights etc.).
By default, this type of traffic doesn't easily get through the pfSense firewall unless UPnP is on, or the exact ports are forwarded.
Am I looking for a complicated solution when there is a simpler way?
-
How about having a way around the problem:
- static IPs with DHCP reservation for this WoW machine and XBox
- create alias for blocking these devices
- create block rule with schedule and this newly done alias
-
Hi again,
That's what I tried to do, but without UPnP enabled, it doesn't work very well. XBox requires UPnP to function correctly I reckon (it's a M$ thing).
If I don't enable UPnP, sure I can block the apps, but they won't run very well when the rule is off (i.e. schedule allows the ports open).
Was wondering whether my WAN interface should be the DMZ of my home router, and let pfSense do all the work? The crappy router supplied by my ISP uses MER (MAC encapsulated routing) so I can't easily change it (it's not a cable router either).
-
I ran WoW just fine without any changes to the pfSense firewall. The only thing I had to open a port for was the updates. If I didn't, they were really slow. Not sure why yours isn't working without UPnP.
-
@Bai Shen: we're trying to block it
-
Yep - and preferably - with a schedule.
Out of both applications, WoW should be OK without UPnP, but the XBox definitely isn't. It's a known problem, and there are many posts about it.
This one is helpful, but again, it requires UPnP.
http://forum.pfsense.org/index.php?topic=13887.0
I don't think there is a way around the UPnP issue, unless Microsoft redesigns the way the thing works.