Netgate Discussion Forum
    Egress filtering, but what with all the Google and Microsoft connections?

    Firewalling
    3 Posts 2 Posters 636 Views
    • czar666

      I'd like to start egress filtering. In Firewall => Rules => LAN I already created a few allow rules for http, https, dns. My default [LAN to any] [allow] is still active and logged for the moment. I'd like to disable this rule at the end. But now that I check the logs, I see that I have a lot of connections to Google, Microsoft and Apple from all the devices in my LAN. They all have a lot of different public IP ranges. How do you handle this?? I make use of Google Drive, Microsoft OneDrive, Microsoft Agenda Sync, etc. Is egress filtering still an option or is it a waste of time? I know I can make use of aliases, but even then...
      I see much traffic using ports 993 (tcp), 443 (udp), 123 (udp). But there is a lot more. I know what the ports are used for. The question is what will happen once I disable the allow-all-to-the-outside rule...
      A few questions about the ports I mentioned:
      993 => I thought you had to open this when you had a mail server on your LAN. That's not the case for me.
      443 => I made a rule over TCP for https, not UDP. I read that closing port 80 and 443 over UDP could resolve the DDOS issues.
      123 => NTP, I'll probably have to add this in my allow list.

      • johnpoz LAYER 8 Global Moderator

        resolve ddos issues???  What??

        If you're seeing 80/443 traffic over UDP, it's QUIC traffic:
        https://en.wikipedia.org/wiki/QUIC

        As to 993, that is IMAP over SSL. If you have a client that talks to an email server outside your network using IMAP, then yeah, that port will be open.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        • czar666

          Thank you for your reply. Maybe I didn't understand well what was meant (English not being my mother tongue), but about the DDoS thing I read it here: http://pfsensesetup.com/egress-filtering-with-pfsense/. I'll take a look at the wiki page.
          But in my case, does egress filtering seem to be overkill? What is your opinion about that? Do I close the door and only let out the traffic that I want? And if so, how do I manage all these Google, Microsoft and Apple connections that pass today because of my allow-any rule to the outside?
          And yes, I use IMAP, so I'll have to take care of that too.

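The question running through this thread is "what will happen once I disable the allow-all rule?" The following is an added example written for this page; it is not code from the thread's posters, Netgate or pfSense. It simulates a pfSense-style LAN egress policy under an implicit default deny: the explicit allow rules mirror what the original poster says already exists (http, https, dns), the observed flows are constructed sample data (the 203.0.113.0/24 documentation range, not captured logs), and the service labels are an assumption used only for reporting. Running it shows which observed services (IMAPS on tcp/993, NTP on udp/123, QUIC on udp/443) would start being dropped, and what changes after the two rules the thread agrees on are added.

```python
"""Predict what a pfSense-style LAN egress policy blocks once the default
"LAN to any allow" rule is disabled (added example, not pfSense code)."""
from collections import Counter

# Service labels for the ports discussed in the thread (assumption: used
# only for the human-readable report, not for any matching decision).
SERVICE_NAMES = {
    ("tcp", 80): "http",
    ("tcp", 443): "https",
    ("udp", 443): "QUIC (HTTP/3)",
    ("udp", 53): "dns",
    ("tcp", 53): "dns",
    ("tcp", 993): "IMAP over SSL/TLS",
    ("udp", 123): "ntp",
}

# Explicit allow rules the poster says already exist: (proto, dst_port).
# proto "any" or port None acts as a wildcard, like a pfSense "any" rule.
ALLOW_RULES = [
    ("tcp", 80),
    ("tcp", 443),
    ("udp", 53),
    ("tcp", 53),
]

# Constructed sample of outbound flows seen in the firewall log:
# (proto, dst_ip, dst_port). Addresses are from the documentation range.
OBSERVED_FLOWS = [
    ("tcp", "203.0.113.10", 443),
    ("udp", "203.0.113.10", 443),   # QUIC to the same web endpoint
    ("tcp", "203.0.113.20", 993),   # IMAPS to an external mail provider
    ("udp", "203.0.113.30", 123),   # NTP time sync
    ("udp", "203.0.113.40", 53),
    ("tcp", "203.0.113.50", 80),
    ("udp", "203.0.113.10", 443),
]


def rule_matches(rule, proto, port):
    """True if one (proto, port) allow rule covers this flow."""
    r_proto, r_port = rule
    return r_proto in ("any", proto) and (r_port is None or r_port == port)


def is_allowed(proto, port, rules=ALLOW_RULES):
    """First-match semantics are irrelevant here: all rules are allows,
    so any match means the flow passes; no match means default deny."""
    return any(rule_matches(r, proto, port) for r in rules)


def simulate_egress(flows, rules=ALLOW_RULES):
    """Split flows into (allowed, blocked) under an implicit default deny."""
    allowed, blocked = [], []
    for proto, dst, port in flows:
        bucket = allowed if is_allowed(proto, port, rules) else blocked
        bucket.append((proto, dst, port))
    return allowed, blocked


def blocked_services(flows, rules=ALLOW_RULES):
    """Count blocked flows per (proto, port): the list of candidate
    rules the admin still has to decide on before removing allow-all."""
    _, blocked = simulate_egress(flows, rules)
    return Counter((proto, port) for proto, _, port in blocked)


def report(flows, rules=ALLOW_RULES):
    """Human-readable lines, one per service that would be blocked."""
    lines = []
    for (proto, port), n in sorted(blocked_services(flows, rules).items()):
        name = SERVICE_NAMES.get((proto, port), "unknown")
        lines.append(f"{proto}/{port} ({name}): {n} flow(s) would be blocked")
    return lines


if __name__ == "__main__":
    print("With only http/https/dns allowed:")
    for line in report(OBSERVED_FLOWS):
        print("  " + line)

    # The two rules the thread agrees on: IMAPS and NTP.
    extended = ALLOW_RULES + [("tcp", 993), ("udp", 123)]
    print("After adding tcp/993 and udp/123:")
    for line in report(OBSERVED_FLOWS, extended):
        print("  " + line)
```

The design point is that the decision happens per (protocol, port), not per destination address: the Google, Microsoft and Apple IP ranges the poster worries about never need to appear in the policy as long as the services they carry are allowed by port, which is also why the remaining udp/443 line is a policy choice (allow QUIC, or let clients fall back to TCP) rather than an address-list problem.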
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.