3. Pfsense 2.4.2 upnp bug?

Pfsense 2.4.2 upnp bug?

  • R

    Hi everyone.

    I have UPNP enabled but have two IP and ports defined in the configuration for access control to upnp.  However, I see that another client on the network has a upnp session open (and is not in the access rule).  Is this a bug?

    JJ

    0
  • Rebel Alliance Developer Netgate

    What are your exact ACL rules in UPnP?

    Clients are allowed by default so unless you have a rule denying access to everyone after your allow entries, then others can still make connections.

    0
  • R

    Here is an example ACL i have in place:

    allow 53-65535 10.180.24.28/32 53-65535

    However another IP not on this rule has an open upnp session open.

    0
  • Rebel Alliance Developer Netgate

    But do you have a deny rule? It allows by default. You need a deny to stop others from getting access.

    0
  • R

    Maybe my understanding is incorrect.  I thought pfsense was a deny by default unless granted rule base?  Does this not apply to upnp?  What would a deny rule look like?

    ** edit - i totally missed the deny by default check box :).  Thanks for pointing out the hole :)

    0
  • H

    pfSense by default trusts the LAN and not the WAN. The deny by default logic only applies for untrusted interfaces. LAN side, UPNP, DHCP, DNS, management, SSH, etc are all allowed.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy