I have OpenNTPD enabled on WAN & LAN along with a LAN rule allowing systems on LAN to connect to the PFSense box for synchronisation. The systems on LAN are getting their time fine from the router but I'm wondering do I need to make a WAN rule so that the router itself can connect to the external time server, or is it automatic?
I'm wondering do I need to make a WAN rule so that the router itself can connect to the external time server?
No. pfSense firewall rules apply on the interface at which "connects" enter the firewall. Connects issued by an application running on the firewall don't enter the firewall; they effectively bypass firewall rules.
I see, brilliant thanks. I suppose this explains why DHCP/DNS don't need any WAN rules either.
This PFSense box has been a lot to get my head around but I'm slowly getting there. :)