Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    UPNP Filtering

    General pfSense Questions
    3
    3
    412
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rhodges last edited by

      Is there a way to disallow a upnp request? If there was a way to block it based on source and the description, that would solve some issues I have.

      A lot of games now are coming with some sort of built in torrent application that isn't needed for the game, and can update just fine without it.  Instead of trying to keep it disabled on computers, it would be nice just block it.

      I know I could either block it on the local computer via windows firewall or my antivirus program, but the pfsense would be better for me?

      Specifically, I had a computer on my home network that has Aion installed.  I looked at my upnp status and found it had 4 ports opened with a description of NCUpdatehelper, which is basically a torrent client.  It would be nice if I could say, source = xxx.xxx.xxx.xxx and description = NCUpdatehelper, nope.

      Thoughts?

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        The UPnP settings page has a place to write some UPnP access lists. I don't recall the exact syntax off the top of my head, but it should be in the miniupnpd documentation and there are some examples in the GUI.

        1 Reply Last reply Reply Quote 0
        • C
          Cino last edited by

          The GUI example helped me in the past… Since you know the IP, does either the external port or internal port stay the same? If so, you could create a rule like the one I have below.

          deny external port IP internal port

          
          deny 443 192.168.0.100 443
          
          
          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy