    Basic Configuration: Block all except Windows updates

    software6

      I'm trying to set up my first pfSense installation:
      "Block all incoming and outgoing traffic except Windows updates"
      Can this be done with the firewall only, or do I need to set up Squid?
      What would the firewall ruleset look like?

      Thanks for your Support!

      mer

        By default, pfSense blocks everything coming into the WAN port UNLESS it's a response to outbound traffic.  All outbound traffic is allowed by default.

        You need to think a bit more about your network configuration.  Draw pictures: arrows with the directions of the traffic, which port it comes in on, and what you want to do with it.  Rules are very specific; "in" and "out" are from the POV of "being pfSense".
        Packet captures of traffic can make it easy for you to understand the characteristics of the packet you want to allow or block.

        That said, generically pfSense rules are applied on an interface basis (except floating rules); user rules are evaluated before default rules unless you muck with the order; rules are evaluated from top down and first match wins (because they make good use of the quick keyword).  You want a couple of user rules: top would be a pass in on LAN interfaces with characteristics matching Windows Update packets, followed by a block everything in on LAN interfaces.

        Now keep in mind that doing this is guaranteed to break things like DNS, HTTP/HTTPS, and other generally useful packets.  That is why you really need to understand what you are asking.

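The evaluation order mer describes (per-interface rules, top down, first match wins because user rules are "quick", pass-then-block) can be modelled to see why ordering matters and why DNS breaks. The following is an added Python model written for this thread; it is not pfSense code, not pf.conf syntax, and not something mer posted. The destination network `198.51.100.0/24` is a constructed placeholder standing in for whatever alias you build for Windows Update endpoints (pfSense aliases can hold hostnames that it resolves periodically); the sample packets are constructed as well.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# PLACEHOLDER (constructed): stands in for an alias of Windows Update destinations.
WU_NETS = [ip_network("198.51.100.0/24")]


@dataclass
class Rule:
    action: str                       # "pass" or "block"
    iface: str                        # interface the packet is seen on, e.g. "LAN"
    direction: str                    # "in" / "out" from pfSense's point of view
    proto: Optional[str] = None       # None matches any protocol
    dst_nets: Optional[list] = None   # None matches any destination address
    dst_ports: Optional[set] = None   # None matches any destination port
    quick: bool = True                # pfSense user rules are quick: first match decides

    def matches(self, pkt: dict) -> bool:
        if self.iface != pkt["iface"] or self.direction != pkt["dir"]:
            return False
        if self.proto is not None and self.proto != pkt["proto"]:
            return False
        if self.dst_nets is not None and not any(
            ip_address(pkt["dst"]) in net for net in self.dst_nets
        ):
            return False
        if self.dst_ports is not None and pkt.get("dport") not in self.dst_ports:
            return False
        return True


def evaluate(rules: list, pkt: dict, default: str = "pass") -> str:
    """Walk the ruleset top down.

    A matching quick rule decides immediately (pfSense user rules).  A matching
    non-quick rule only records a tentative verdict, which pf's last-match
    semantics would later override.  `default` models the allow rule pfSense
    installs on LAN after the user rules, as mer notes.
    """
    verdict = default
    for rule in rules:
        if rule.matches(pkt):
            if rule.quick:
                return rule.action
            verdict = rule.action
    return verdict


# The two user rules mer suggests, in the order he suggests them.
LAN_RULES = [
    Rule("pass", "LAN", "in", proto="tcp", dst_nets=WU_NETS, dst_ports={80, 443}),
    Rule("block", "LAN", "in"),
]

# Constructed sample packets as seen "in" on LAN from pfSense's point of view.
PKT_UPDATE = {"iface": "LAN", "dir": "in", "proto": "tcp", "dst": "198.51.100.10", "dport": 443}
PKT_DNS = {"iface": "LAN", "dir": "in", "proto": "udp", "dst": "192.0.2.53", "dport": 53}
PKT_WEB = {"iface": "LAN", "dir": "in", "proto": "tcp", "dst": "203.0.113.5", "dport": 443}


def decide_all(rules: list) -> dict:
    """Verdict for each sample packet under the given rule order."""
    return {
        "update": evaluate(rules, PKT_UPDATE),
        "dns": evaluate(rules, PKT_DNS),
        "web": evaluate(rules, PKT_WEB),
    }


if __name__ == "__main__":
    print("pass-then-block:", decide_all(LAN_RULES))
    # Swapping the two rules puts the catch-all block first; the update
    # packet never reaches the pass rule because first match wins.
    print("block-then-pass:", decide_all(list(reversed(LAN_RULES))))
```

The first run shows the update packet passing while DNS and ordinary HTTPS are blocked, which is the "guaranteed to break DNS" caveat in concrete form; the second run shows that with the block rule on top nothing gets through, the classic ordering mistake on a first-match ruleset.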
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.