How to disable tftp-proxy service?
-
I'm seeing a lot of messages in my syslogs that look like this:
May 5 01:36:35 tftp-proxy 99308 146.88.240.4:34504 -> 127.0.0.1:6969/{WAN IP}:61119 -> {WAN IP}:69 "RRQ ay9mfwq7xxmd4w6cz" May 4 21:51:40 tftp-proxy 5165 184.105.139.94:32825 -> 127.0.0.1:6969/{WAN IP}:57740 -> {WAN IP}:69 "RRQ a.pdf" May 4 09:43:36 tftp-proxy 47300 172.105.220.161:49874 -> 127.0.0.1:6969/{WAN IP}50101 -> {WAN IP}:69 "RRQ a.pdf"From these same 3 sources, every day for over 2 months. I looked them up and they all seem to be security "researchers", but obviously I dont want to let outside sources use TFTP, period. I dont even want TFTP enabled at all, I dont need or use it. I tried looking for the tftp-proxy service, but I dont see it running, and I dont see any page to manage it anywhere. I have all external access to the firewall disabled so I'm not even sure why pfsense is passing these requests in the first place, the firewall should be invisible from the outside as far as I know, I cannot get it to respond from the outside in any meaningful way so I'm not sure how theyre able to do it.
-
I found it, its under System -> Advanced -> Firewall & NAT -> Network Address Translation -> TFTP Proxy
Now that I found it, I do remember turning this on when I was having issues getting NAT to work properly, but I dont remember why I did it.