Netgate Discussion Forum

    tftp proxy, filtering by source and destination

      skullnobrains

      hello

      is there any way to enable the tftp proxy while filtering source and destination addresses ?

      ideally, i would like to allow tftp from the whole LAN ( all interfaces : i create those a lot ) to a specific machine. it would seem meaningful to me to enable the tftp proxy in a regular rule or possibly a nat rule

      unfortunately, using the tftp proxy existing feature enables tftp from all hosts to an interface to the world. the rule is an "rdr pass ..." and is located above all other rules including floatings.

      is there an existing way to do this ? or am i wishing for a new feature ?

      i already know how to allow tftp using stateless rules but that does not really fit my bill for various reasons : namely : said rules would allow a one-way udp communication from the tftp server to the lan. that would be acceptable, should the tftp server bind the ports on startup and allow to use ports <1024. unfortunately it cannot be instructed to do so.

      what makes it worse in my case is i use the firewall's tftp server over source ports <1024 to pull some hidden config files that i do not wish to be world readable.

      thanks for your time
