Pfsense 2.4.2 upnp bug?

  • Hi everyone.

    I have UPNP enabled but have two IP and ports defined in the configuration for access control to upnp.  However, I see that another client on the network has a upnp session open (and is not in the access rule).  Is this a bug?


  • Rebel Alliance Developer Netgate

    What are your exact ACL rules in UPnP?

    Clients are allowed by default so unless you have a rule denying access to everyone after your allow entries, then others can still make connections.

  • Here is an example ACL i have in place:

    allow 53-65535 53-65535

    However another IP not on this rule has an open upnp session open.

  • Rebel Alliance Developer Netgate

    But do you have a deny rule? It allows by default. You need a deny to stop others from getting access.

  • Maybe my understanding is incorrect.  I thought pfsense was a deny by default unless granted rule base?  Does this not apply to upnp?  What would a deny rule look like?

    ** edit - i totally missed the deny by default check box :).  Thanks for pointing out the hole :)

  • pfSense by default trusts the LAN and not the WAN. The deny by default logic only applies for untrusted interfaces. LAN side, UPNP, DHCP, DNS, management, SSH, etc are all allowed.

Log in to reply