    UPNP Filtering

    General pfSense Questions
    • rhodges

      Is there a way to disallow a UPnP request? If there was a way to block it based on source and the description, that would solve some issues I have.

      A lot of games now are coming with some sort of built-in torrent application that isn't needed for the game, and can update just fine without it. Instead of trying to keep it disabled on computers, it would be nice to just block it.

      I know I could either block it on the local computer via Windows Firewall or my antivirus program, but pfSense would be better for me.

      Specifically, I had a computer on my home network that has Aion installed. I looked at my UPnP status and found it had 4 ports opened with a description of NCUpdatehelper, which is basically a torrent client. It would be nice if I could say, source = xxx.xxx.xxx.xxx and description = NCUpdatehelper, nope.

      Thoughts?

      • jimp Rebel Alliance Developer Netgate

        The UPnP settings page has a place to write some UPnP access lists. I don't recall the exact syntax off the top of my head, but it should be in the miniupnpd documentation and there are some examples in the GUI.

        • Cino

          The GUI example helped me in the past… Since you know the IP, does either the external port or internal port stay the same? If so, you could create a rule like the one I have below.

          deny external port IP internal port

          
          deny 443 192.168.0.100 443
          
          
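Added example (not part of the thread, and not pfSense or miniupnpd code): a small Python evaluator for access-list lines in the format Cino shows, assuming rules are checked top to bottom with the first match deciding and that a request matching no rule is accepted. The format has no description field, so a rule can only key on the ports and the client IP; the port 6881 and 3074 requests, the 192.168.0.50 host and the host-wide deny rule are constructed for illustration.

```python
import ipaddress

def _ports(spec):
    """'443' -> (443, 443); '1024-65535' -> (1024, 65535)."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return lo, hi

def parse_rule(line):
    """Parse '<allow|deny> <external port> <IP[/mask]> <internal port>'."""
    action, ext, net, internal = line.split()
    if action not in ("allow", "deny"):
        raise ValueError(f"bad action: {action!r}")
    # A bare IP such as 192.168.0.100 is treated as a single host (/32).
    return action, _ports(ext), ipaddress.ip_network(net, strict=False), _ports(internal)

def decide(rules, ext_port, client_ip, int_port):
    """Verdict for one port-mapping request; the first matching rule wins."""
    ip = ipaddress.ip_address(client_ip)
    for action, (elo, ehi), net, (ilo, ihi) in rules:
        if elo <= ext_port <= ehi and ip in net and ilo <= int_port <= ihi:
            return action
    return "allow"  # assumption: a request that matches no rule is accepted

# Rule from the post above: blocks only the 443 -> 443 mapping for that host.
PORT_RULE = [parse_rule("deny 443 192.168.0.100 443")]
# Constructed alternative: refuse every mapping that host asks for.
HOST_RULE = [parse_rule("deny 0-65535 192.168.0.100 0-65535")]

if __name__ == "__main__":
    # Constructed requests: (external port, client IP, internal port)
    for req in [(443, "192.168.0.100", 443), (6881, "192.168.0.100", 6881),
                (3074, "192.168.0.50", 3074)]:
        print(req, "port rule:", decide(PORT_RULE, *req),
              "| host rule:", decide(HOST_RULE, *req))
```

A single-port rule stops working as soon as the application asks for a different port, which is why the host-wide rule is shown beside it.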