Basic Configuration: Block all except Windows updates



  • I'm trying to set up my first pfSense installation:
    "Block all incoming and outgoing traffic except Windows updates"
    Can this be done with the firewall only, or do I need to set up Squid?
    What would the firewall ruleset look like?

    Thanks for your Support!



  • By default, pfSense blocks everything coming into the WAN port UNLESS it's a response to outbound traffic. All outbound traffic is allowed by default.

    You need to think a bit more about your network configuration. Draw pictures, arrows with the directions of the traffic, which port it comes in on and what you want to do with it. Rules are very specific; in and out are from the POV of "being pfSense".
    Packet captures of traffic can make it easy for you to understand the characteristics of the packet you want to allow or block.

    That said, generically, pfSense rules are applied on an interface basis (except floating rules), user rules are evaluated before default rules unless you muck with the order, and rules are evaluated from the top down, first match wins (because they make good use of the quick keyword). You want a couple of user rules: at the top would be a pass in on LAN interfaces with characteristics matching Windows upgrade packets, followed by a block everything in on LAN interfaces.

    Now keep in mind doing this is guaranteed to break things like DNS, HTTP/HTTPS, and other generally useful packets.  That is why you really need to understand what you are asking.
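
The evaluation order described in the reply above, modelled as an added example (not part of the thread and not pfSense code): a two-rule LAN ruleset evaluated top-down with first match wins, run over sample packets to show which traffic survives. The `UPDATE_NET` range, the rule labels and the sample packets are constructed placeholders; the thread does not list real update server addresses.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed placeholder: a documentation range standing in for the update
# servers. Real Windows Update endpoints are not listed in the thread.
UPDATE_NET = ip_network("203.0.113.0/24")

@dataclass(frozen=True)
class Packet:                        # a packet arriving "in" on the LAN interface
    proto: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    label: str
    proto: Optional[str] = None      # None matches any protocol
    dst: Optional[object] = None     # None matches any destination
    ports: frozenset = frozenset()   # empty matches any port

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.dst is None or ip_address(pkt.dst) in self.dst)
                and (not self.ports or pkt.dport in self.ports))

def evaluate(rules, pkt):
    """Top-down, first match wins (every rule behaves as 'quick')."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.label
    return "block", "implicit default deny"

LAN_RULES = [
    Rule("pass", "allow update servers", "tcp", UPDATE_NET, frozenset({80, 443})),
    Rule("block", "block everything else"),
]

SAMPLES = {                          # constructed sample packets
    "update download": Packet("tcp", "203.0.113.10", 443),
    "DNS lookup": Packet("udp", "192.0.2.53", 53),
    "other HTTPS": Packet("tcp", "198.51.100.7", 443),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:16} -> {evaluate(LAN_RULES, pkt)}")
    # Same rules in the wrong order: the block rule now matches first.
    print(evaluate(LAN_RULES[::-1], SAMPLES["update download"]))
```

The DNS lookup hits the block rule, which is the breakage the reply warns about, and reversing the two rules blocks the update traffic as well.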