    Egress filtering, but what with all the Google and Microsoft connections?

    Firewalling
    • czar666

      I'd like to start egress filtering. In Firewall => Rules => LAN I already created a few allow rules for HTTP, HTTPS and DNS. My default [LAN to any] [allow] rule is still active and logged for the moment. I'd like to disable this rule at the end. But now that I check the logs, I see that I have a lot of connections to Google, Microsoft and Apple from all the devices in my LAN. They all have a lot of different public IP ranges. How do you handle this? I make use of Google Drive, Microsoft OneDrive, Microsoft Agenda Sync, etc. Is egress filtering still an option or is it a waste of time? I know I can make use of aliases, but even then…
      I see much traffic using ports 993 (TCP), 443 (UDP) and 123 (UDP). But there is a lot more. I know what the ports are used for. The question is what will happen once I disable the allow-all-to-the-outside rule.
      A few questions about the ports I mentioned:
      993 => I thought you had to open this when you had a mail server on your LAN. That's not the case for me.
      443 => I made a rule over TCP for HTTPS, not UDP. I read that closing ports 80 and 443 over UDP could resolve the DDoS issues.
      123 => NTP, I'll probably have to add this to my allow list.

      • johnpoz (LAYER 8 Global Moderator)

        Resolve DDoS issues??? What??

        If you're seeing 80/443 traffic over UDP, it's QUIC traffic:
        https://en.wikipedia.org/wiki/QUIC

        As to 993, that is IMAP over SSL. If you have a client that talks to an email server outside your network using IMAP, then yeah, that port will be open.

        • czar666

          Thank you for your reply. Maybe I didn't understand well what was meant (English not being my mother tongue), but about the DDoS thing I read it here: http://pfsensesetup.com/egress-filtering-with-pfsense/. I'll take a look at the wiki page.
          But in my case, does egress filtering seem to be overkill? What is your opinion about that? Do I close the door and only let out the traffic that I want? And if so, how do I manage all these Google, Microsoft and Apple connections that pass today because of my allow-any rule to the outside?
          And yes, I use IMAP, so I'll have to take care of that too.

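          As an added example for this thread (not code from the forum posters or from pfSense), here is a Python script for the step the first post is stuck on: the [LAN to any] allow rule is already being logged, so the logged lines can be tallied by protocol and destination port to see what would stop matching once only the explicit HTTP/HTTPS/DNS rules remain. It parses the raw filterlog format pfSense writes to syslog for rules with logging enabled. The allow list (TCP 80/443 and DNS) is what the first post describes; the LAN interface name igb1 and the log lines are constructed for the example, with documentation address ranges standing in for the Google, Microsoft and Apple destinations.

```python
"""Plan a pfSense egress allow-list from a logged "LAN to any" allow rule.

Added example, not code from the forum posters or from pfSense. Parses raw
filterlog lines, tallies the flows the allow-any rule passed by
(protocol, destination port), and reports which of them no explicit allow
rule covers. Interface name, allow list and log lines are assumptions
constructed for the example.
"""
import re
from collections import defaultdict

# filterlog layout (pfSense docs): rule,subrule,anchor,tracker,iface,reason,action,
# direction,ip-version, then per-IP-version fields, then per-protocol fields.
IPV4_FIELDS = ("tos", "ecn", "ttl", "id", "offset", "flags",
               "proto_id", "proto", "length", "src", "dst")
IPV6_FIELDS = ("class", "flow", "hoplimit", "proto", "proto_id", "length", "src", "dst")

# Explicit egress rules as the first post describes them (assumption: DNS over TCP too).
ALLOW = {("tcp", 80), ("tcp", 443), ("udp", 53), ("tcp", 53)}

# Everything up to and including "filterlog[pid]: " is syslog framing.
SYSLOG_PREFIX = re.compile(r"^.*?filterlog(?:\[\d+\])?:\s*")


def parse_filterlog(line):
    """Return a dict for a TCP/UDP filterlog line, or None for anything else."""
    fields = SYSLOG_PREFIX.sub("", line.strip()).split(",")
    if len(fields) < 9:
        return None
    rec = {"rule": fields[0], "tracker": fields[3], "iface": fields[4],
           "action": fields[6], "dir": fields[7], "ipver": fields[8]}
    names = {"4": IPV4_FIELDS, "6": IPV6_FIELDS}.get(rec["ipver"])
    rest = fields[9:]
    if names is None or len(rest) < len(names):
        return None
    rec.update(zip(names, rest))
    proto_fields = rest[len(names):]
    if rec["proto"] not in ("tcp", "udp") or len(proto_fields) < 2:
        return None  # ICMP, IGMP, ...: no ports to build a port-based rule on
    rec["sport"], rec["dport"] = int(proto_fields[0]), int(proto_fields[1])
    return rec


def egress_summary(lines, lan_iface="igb1"):
    """Tally passed LAN egress flows by (proto, dport) with their distinct destinations.

    pfSense evaluates LAN rules on packets entering the LAN interface, so egress
    from LAN hosts shows up as direction "in" on lan_iface, not "out" on WAN.
    """
    summary = defaultdict(lambda: {"flows": 0, "dst_hosts": set()})
    for line in lines:
        rec = parse_filterlog(line)
        if rec is None or rec["iface"] != lan_iface:
            continue
        if rec["dir"] != "in" or rec["action"] != "pass":
            continue
        entry = summary[(rec["proto"], rec["dport"])]
        entry["flows"] += 1
        entry["dst_hosts"].add(rec["dst"])
    return dict(summary)


def would_be_blocked(summary, allow=ALLOW):
    """(proto, dport) pairs seen in the logs that none of the explicit rules cover."""
    return sorted(key for key in summary if key not in allow)


# Constructed sample: LAN clients 192.168.1.x; 198.51.100.0/24 and 203.0.113.0/24
# stand in for cloud provider addresses. Rule 5 is the logged LAN allow-any rule;
# rule 9 is a WAN block that the summary must ignore.
SAMPLE_LOG = """\
Jun  3 09:10:01 pfSense filterlog[12345]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.10,198.51.100.10,51000,443,0,S,1,,65535,,mss
Jun  3 09:10:02 pfSense filterlog[12345]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.11,198.51.100.77,51001,443,0,S,1,,65535,,mss
Jun  3 09:10:03 pfSense filterlog[12345]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,0,0,none,17,udp,1250,192.168.1.10,198.51.100.10,51002,443,1230
Jun  3 09:10:04 pfSense filterlog[12345]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.12,203.0.113.5,51003,993,0,S,1,,65535,,mss
Jun  3 09:10:05 pfSense filterlog[12345]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,0,0,none,17,udp,76,192.168.1.12,203.0.113.99,123,123,56
Jun  3 09:10:06 pfSense filterlog[12345]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,0,0,none,17,udp,64,192.168.1.10,192.168.1.1,51004,53,44
Jun  3 09:10:07 pfSense filterlog[12345]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,0,0,none,1,icmp,84,192.168.1.10,198.51.100.10,request,1234,1
Jun  3 09:10:08 pfSense filterlog[12345]: 9,,,1000000105,igb0,match,block,in,4,0x0,,55,0,0,none,6,tcp,40,203.0.113.200,198.51.100.1,40000,22,0,S,1,,1024,,
"""


def report(lines):
    """Print the per-port tally and what an explicit-rules-only policy would cut."""
    summary = egress_summary(lines)
    for (proto, dport), e in sorted(summary.items()):
        print(f"{proto}/{dport:<5} flows={e['flows']:<3} distinct destinations={len(e['dst_hosts'])}")
    for proto, dport in would_be_blocked(summary):
        print(f"no explicit allow rule covers {proto}/{dport}: add a rule or accept the block")
    return summary


if __name__ == "__main__":
    report(SAMPLE_LOG.splitlines())
```

          Grouping by protocol and port rather than by destination address is the point: the two TCP/443 flows to two different hosts fall under the one HTTPS rule, while the provider address ranges the first post worries about change constantly and never need to appear in the ruleset. In the constructed sample the IMAPS (993/tcp), NTP (123/udp) and QUIC (443/udp) flows are the ones that would stop matching; QUIC-capable browsers fall back to TCP when UDP/443 is not allowed, whereas 993 and 123 need rules of their own if those clients are to keep working. Run the script over a week or so of the real logged allow-any traffic before disabling the rule, and then switch the default to a logged block so anything missed is visible.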

          © 2021 Rubicon Communications, LLC