pfSense - Version update is available
-
I have only allowed one port on the WAN interface and all the other ports and traffic are blocked, but I am able to get the package availability and version upgrade messages on the dashboard. How is pfSense getting these messages?
-
Firewall rules control what traffic is allowed to enter an interface on the firewall.
So even blocking anything on WAN (which is the default) does not affect pfSense itself.
I would not suggest you block any pfSense traffic anyway. -Rico
-
@rico Thanks for the reply, but can you please explain what pfSense traffic is?
I think pfSense traffic is traffic which enters pfSense's internal interface and exits from its external interface according to the rule.
-
RTFM:
https://www.netgate.com/docs/pfsense/firewall/firewall-rule-basics.html
https://www.netgate.com/docs/pfsense/firewall/firewall-rule-processing-order.html
https://www.netgate.com/docs/pfsense/firewall/floating-rules.html
https://www.netgate.com/docs/pfsense/book/firewall/index.html
-
pfSense traffic is not entering any interface because it's generated by the firewall itself.
Again, you will surely get a wide range of problems by blocking pfSense traffic: no DNS, slow WebGUI and so on. Why do you want to do this? -Rico
-
@rico Please let me know the ways to allow the pfSense traffic.
-
@thoufiq In my firewall rules:
On the WAN interface:
Some source IPs are allowed to access the firewall GUI (HTTPS).
Some production traffic from inside to outside is allowed.
All other traffic is blocked on the WAN interface.
On LAN:
All open (pass).
-
You're fine then, pfSense traffic is always allowed by default.
I'd close the WebGUI ports from WAN and install an OpenVPN Remote Access Server to get access to local resources like the pfSense GUI from outside. -Rico
-
@rico Oh fine, but my doubt is how pfSense is getting the update message and package info?
-
@thoufiq Is it a default setting of pfSense to not block it? (I think it is getting update messages from http://updates.pfsense.org)
-
All outbound traffic from an interface is allowed by default.
The traffic generated by pfSense itself to check for updates uses only the WAN interface and opens states outbound. Hence it's always allowed.
The only way to block that is using floating rules which can be applied outbound but I also suggest you do not do that.
Steve
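
The behaviour described in this reply, as an added example that is not part of the original thread and is not pfSense code: a toy stateful filter in which interface-tab rules match inbound traffic only, outbound traffic passes by default and creates a state, and only a floating outbound rule can stop the firewall's own update check. The class names, addresses and ports are constructed for illustration, and floating rules are treated as first-match for simplicity.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str       # interface the packet crosses
    direction: str   # "in" = arriving on iface, "out" = leaving through it
    src: tuple       # (ip, port)
    dst: tuple       # (ip, port)

@dataclass(frozen=True)
class Rule:
    iface: str
    direction: str
    action: str                   # "pass" or "block"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p):
        return ((self.iface, self.direction) == (p.iface, p.direction)
                and self.dport in (None, p.dst[1]))

class Firewall:
    def __init__(self, tab_rules, floating_rules=()):
        # Interface-tab rules only ever apply inbound; floating rules may be outbound.
        self.rules = list(floating_rules) + [r for r in tab_rules if r.direction == "in"]
        self.states = set()

    def filter(self, p):
        conn = frozenset((p.src, p.dst))   # same key for both directions of a flow
        if conn in self.states:
            return "pass (state)"          # replies never reach the rule list
        verdict = next((r.action for r in self.rules if r.matches(p)), None)
        if verdict is None:                # defaults: deny inbound, pass outbound
            verdict = "block" if p.direction == "in" else "pass"
        if verdict == "pass":
            self.states.add(conn)
        return verdict

# Constructed sample traffic (documentation address ranges).
WAN_IP, UPDATE_SRV = "203.0.113.1", "198.51.100.10"
unsolicited = Packet("wan", "in", ("192.0.2.7", 40000), (WAN_IP, 22))
update_check = Packet("wan", "out", (WAN_IP, 50000), (UPDATE_SRV, 443))
update_reply = Packet("wan", "in", (UPDATE_SRV, 443), (WAN_IP, 50000))
wan_tab = [Rule("wan", "in", "pass", 443)]   # only the GUI port is open on WAN

def run(floating=()):
    fw = Firewall(wan_tab, floating)
    return [fw.filter(p) for p in (unsolicited, update_check, update_reply)]

if __name__ == "__main__":
    print(run())                                # WAN tab rules only
    print(run([Rule("wan", "out", "block")]))   # with a floating outbound block
```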
-
@stephenw10 Got it, thanks.