Netgate Discussion Forum

    Pfsense- Version update is available

    General pfSense Questions
    • T
      Thoufiq
      last edited by

      I have only allowed one port on the WAN interface and all the other ports and traffic are blocked, but I am able to get the package availability and version upgrade messages on the dashboard. What way is pfSense using to get these messages?

      • RicoR
        Rico LAYER 8 Rebel Alliance
        last edited by Rico

        Firewall rules control what traffic is allowed to enter an interface on the firewall.
        So even if you block anything on WAN (which is the default), it does not affect pfSense itself.
        I would not suggest that you block any pfSense traffic anyway.

        -Rico

        • T
          Thoufiq @Rico
          last edited by

          @rico Thanks for the reply, but can you please explain what pfSense traffic is?
          I think the pfSense traffic is some traffic which enters the pfSense internal interface and exits from its external interface according to the rule.

          • GrimsonG
            Grimson Banned
            last edited by

            RTFM:
            https://www.netgate.com/docs/pfsense/firewall/firewall-rule-basics.html
            https://www.netgate.com/docs/pfsense/firewall/firewall-rule-processing-order.html
            https://www.netgate.com/docs/pfsense/firewall/floating-rules.html
            https://www.netgate.com/docs/pfsense/book/firewall/index.html

            • RicoR
              Rico LAYER 8 Rebel Alliance
              last edited by Rico

              pfSense traffic is not entering any interface because it's generated by the firewall itself.
              Again, you will surely get a wide range of problems by blocking pfSense traffic, no DNS, slow WebGUI and so on. Why do you want to do this?

              -Rico

              • T
                Thoufiq @Rico
                last edited by

                @rico Please let me know the ways to allow the pfSense traffic.

                • T
                  Thoufiq @Thoufiq
                  last edited by

                  @thoufiq In my firewall rules,

                  On WAN interface
                  Some Source IPs are allowed to access the firewall GUI-https
                  And some production traffic from in-to out is allowed
                  all the other traffics are blocked on WAN interface
                  On LAN
                  All open-pass

                  • RicoR
                    Rico LAYER 8 Rebel Alliance
                    last edited by

                    You're fine then, pfSense traffic is always allowed by default.
                    I'd close the WebGUI ports from WAN and install some OpenVPN Remote Access Server to get access to local resources like the pfSense GUI from outside.

                    -Rico

                    • T
                      Thoufiq @Rico
                      last edited by

                      @rico Oh fine, but my doubt is: how is pfSense getting the update message and package info?

                      • T
                        Thoufiq @Thoufiq
                        last edited by

                        @thoufiq Is that a default setting of pfSense to not block it? (I think it is getting update messages from http://updates.pfsense.org)

                        • stephenw10S
                          stephenw10 Netgate Administrator
                          last edited by

                          All outbound traffic from an interface is allowed by default.

                          The traffic generated by pfSense itself to check for updates uses only the WAN interface and opens states outbound. Hence it's always allowed.

                          The only way to block that is using floating rules which can be applied outbound but I also suggest you do not do that.

                          Steve

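The behaviour Steve describes can be shown with a small model of direction-aware rule evaluation; this is an added example, not part of the original thread and not pfSense's own ruleset. The rule list, the port numbers and the position of the floating rule are simplified assumptions, and state tracking for reply packets is not modeled.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    direction: str                # "in" or "out", relative to the interface
    iface: str                    # interface the rule is attached to
    dport: Optional[int] = None   # None matches any destination port
    quick: bool = False           # a matching quick rule ends evaluation

    def matches(self, direction, iface, dport):
        return (self.direction == direction and self.iface == iface
                and self.dport in (None, dport))


def evaluate(rules, direction, iface, dport):
    """pf semantics: the last matching rule wins unless a quick rule matches."""
    verdict = "block"             # modeled default deny
    for rule in rules:
        if rule.matches(direction, iface, dport):
            verdict = rule.action
            if rule.quick:
                break
    return verdict


# Constructed ruleset mirroring the thread: WAN inbound blocked except one
# port, LAN inbound open, and outbound from the firewall allowed by default.
BASE_RULES = [
    Rule("block", "in", "wan"),
    Rule("pass", "in", "wan", dport=443),
    Rule("pass", "in", "lan"),
    Rule("pass", "out", "wan"),
]
# Hypothetical floating rule applied in the outbound direction on WAN.
FLOATING_BLOCK = [Rule("block", "out", "wan", dport=443, quick=True)]


def update_check(rules):
    # Firewall-originated packet: it never enters an interface, so only
    # "out" rules on WAN are consulted (port 443 is an assumption).
    return evaluate(rules, "out", "wan", 443)


def unsolicited_inbound(rules, dport):
    # Packet arriving from the Internet on WAN: only "in" rules apply.
    return evaluate(rules, "in", "wan", dport)
```

With `BASE_RULES` the update check passes even though inbound port 22 is blocked; prepending `FLOATING_BLOCK` is what stops it, and it leaves the inbound rules untouched.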
                          • T
                            Thoufiq @stephenw10
                            last edited by

                            @stephenw10 Got it thanks ...

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.