What ports are open?
-
pfctl -sa
-
Wow, extremely handy! Any idea why GUIs were invented?
-
Dude, if you want a GUI, then kindly Google for one of the loads of port scanners and let them do their job. Have a nice day. If you do not want the auto-added VPN rules, there you have the GUI ::) checkbox to disable them.
-
Sir, I'm definitely not your dude, I would know that.
I'm not the thread opener. He asked for: HOW can I find out which ports my pfSense opens. Why should I use a port scanner, if the f*cking firewall is supposed to tell me what it is doing with my security? And it has the f*cking obligation to show it to me in the GUI.
Have a nice evening.
-
Lick my swamp with your attitude.
-
The answer is unless you have opened a port and see it listed with a pass rule on the WAN, the port is closed.
The exception would be if you are running UPnP. If so, check its status to see what ports it's opened.
(I'd stay out of the swamps)
-
Lick my swamp with your attitude.
The irony is thick….
-
Dumb idea time…
Wouldn't it be nice to see any open WAN port that wasn't part of the rules added by user listed at the bottom of the WAN firewall tab?
Like you open the WAN firewall tab and all is as it is now except at the bottom a list of other opened ports and what opened them, like uPNP, would also be shown.
-
"And it has the f*cking obligation to show it to me in the GUI."
Says WHO?? I am quite sure if you want to supply the patches to do that they can be added to the code base, or people can install them. But I don't see how the pfSense developers have any sort of obligation to show every single rule in the GUI. If you don't like what they are doing, then just don't use pfSense - or come up with the way to do it how you want to do it and submit the code.
I can tell you one thing for sure: showing all the rules would only confuse some users. And they would prob remove stuff like DHCP rules and then wonder why their WAN can't get an address or why their clients don't get an IP, etc.
Look at how many threads get started because a user fires up an opt interface and never bothers to set up any firewall rules or even look to see what rules, if any, are on the interface.
The OP has been given a method to look at the full rules; he can either look at rules.debug or use pfctl: https://doc.pfsense.org/index.php/How_can_I_see_the_full_PF_ruleset
While I also think it would be nice, maybe as an advanced option, to see all rules in the GUI, it sure is not an obligation for the developers to do so. If you're interested or concerned then it's very simple to use pfctl or take a look at rules.debug.
edit: UPnP as mentioned is another hidden thing to be honest, those are not shown in the standard interface tabs on the firewall or forwards. You need to take a look at the UPnP tab to see what might be opened, etc.
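-
Added example, not part of any post in this thread: a small filter that turns `pfctl -sr` style text into a list of inbound pass rules for one interface, including rules with no `on` clause, which apply to every interface. The function names `wan_pass_rules` and `sample_rules`, the interface names em0/em1 and the sample rule lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise inbound pass rules from `pfctl -sr` style text.
# On the firewall: pfctl -sr | wan_pass_rules em0
# Assumption: em0 is the WAN interface; substitute the real name.

wan_pass_rules() {
    # $1 = interface name; ruleset text arrives on stdin.
    # Output: interface <TAB> proto <TAB> destination port <TAB> label
    awk -v ifname="$1" '
    $1 == "pass" && $2 == "in" {
        has_on = 0; on_if = 0; to_seen = 0
        proto = "any"; port = "any"; label = "-"
        for (i = 3; i <= NF; i++) {
            if ($i == "label") break          # label text may contain keywords
            if ($i == "on") { has_on = 1; if ($(i+1) == ifname) on_if = 1 }
            if ($i == "proto") proto = $(i+1)
            if ($i == "to") to_seen = 1       # only the destination port matters
            if (to_seen && $i == "port") {
                p = $(i+1)
                # "port = https" carries an operator, "port 8000:8010" does not
                if (p ~ /^[=!<>]+$/) port = (p == "=" ? "" : p) $(i+2)
                else port = p
            }
        }
        # A pass-in rule with no "on" clause applies to every interface.
        if (has_on && !on_if) next
        if (match($0, /label "[^"]*"/)) label = substr($0, RSTART + 7, RLENGTH - 8)
        printf "%s\t%s\t%s\t%s\n", (has_on ? ifname : "any"), proto, port, label
    }'
}

sample_rules() {
    # Constructed sample in the style of pfctl -sr output (not from a real box).
    cat <<'EOF'
block drop in log inet all label "Default deny rule IPv4"
pass in quick on em0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out WAN"
pass in quick on em0 reply-to (em0 203.0.113.1) inet proto tcp from any to 192.168.1.10 port = https flags S/SA keep state label "USER_RULE: NAT web server"
pass in quick on em1 inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"
pass out inet all flags S/SA keep state label "let out anything IPv4 from firewall host itself"
pass in quick proto tcp from any to any port 8000:8010 flags S/SA keep state label "constructed floating rule"
EOF
}

sample_rules | wan_pass_rules em0
```

Rules held inside pf anchors are not expanded by a plain `pfctl -sr`, and UPnP mappings still need the UPnP status check mentioned above.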
-
Ok
Thanks for the answers
-
HOW can I find out which ports my pfSense opens. Why should I use a port scanner, if the f*cking firewall is supposed to tell me what it is doing with my security? And it has the f*cking obligation to show it to me in the GUI.
As with any router device, after initial install, by law (no, don't look for it) nothing can come in. To make things even more tight, NAT is active (read: no rules) so nothing gets sent anywhere into the LAN.
Said differently: a device like pfSense is 100% secure. Things start to become suspect, even dangerous, when it's being operated without knowledge.
Actually, cars and pfSense aren't any different.