Netgate Discussion Forum

    SPI with pfSense?

    • tontoOz

      I intend on using pfSense in a traditional router role rather than as a firewall per se.

      So I would like to configure pfSense to provide SPI capability similar to consumer routers.
      Please advise how I can do that, thanks.

      Also, is there any need to enable NAT-PMP (all clients are Apple) or UPnP? Would there be security implications of doing that?

      • jimp Rebel Alliance Developer Netgate

        If by "SPI" you mean "stateful packet inspection" then that's what pfSense does by default. If you really don't want to block traffic but you do want SPI, then you can add pass rules for all traffic on each interface from any/to any and so on. Kind of defeats the purpose, though.

        As for UPnP it is, by design, a security problem. It allows a local host to open up an external port to allow in traffic. So there will always be security implications for enabling it, but it is much more convenient for allowing in traffic for some things (especially game consoles) so it's frequently allowed. You can set up access restrictions for UPnP in the GUI.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • johnpoz LAYER 8 Global Moderator

          Your typical off the shelf router is a firewall as well, it just has limited features in allowing configuration of the rules. Many of them have very limited outbound controls, and inbound are all pretty much just port forwards with varying degrees of features depending on the make and model.

          But in a nutshell, out of the box pfSense is the same as any off the shelf home router in what it does. It NATs, all inbound traffic that is not a direct answer to a request is blocked, while the default outbound rules from LAN are any any. This is pretty much what every off the shelf router does.

          pfSense allows you to go way beyond what any off the shelf router would allow you to do when you want to get fancier than that. But if you want to use it like that, that is pretty much how it is out of the box.

          And yes, you could even enable UPnP if you want it. Where your off the shelf router is normally just an on and off checkbox, pfSense allows you to get fancier with allowing and denying specific ports, or deny from all except a specific IP to request, etc.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
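
The UPnP access restrictions mentioned in both replies can be dry-run before they go into the GUI. The following is an added example, not code from any poster or from pfSense: a small model of first-match ACL evaluation, assuming the entry format `[allow|deny] [ext port or range] [int ipaddr or ipaddr/CIDR] [int port or range]` and a "default deny" option; the function names and the sample ACL are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str                       # "allow" or "deny"
    ext_ports: range                  # external (WAN-side) ports
    clients: ipaddress.IPv4Network    # internal hosts the rule applies to
    int_ports: range                  # internal (LAN-side) ports

def _ports(spec: str) -> range:
    """Parse '3074' or '1024-65535' into an inclusive port range."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return range(lo, hi + 1)

def parse_acl(text: str) -> list[Rule]:
    """Parse one ACL entry per line; blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        action, ext, client, internal = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"bad action: {action!r}")
        net = ipaddress.ip_network(client, strict=False)  # bare IP becomes /32
        rules.append(Rule(action, _ports(ext), net, _ports(internal)))
    return rules

def permitted(rules, client_ip, ext_port, int_port, default_deny=True) -> bool:
    """First matching rule decides; with no match, default_deny decides."""
    ip = ipaddress.ip_address(client_ip)
    for r in rules:
        if ip in r.clients and ext_port in r.ext_ports and int_port in r.int_ports:
            return r.action == "allow"
    return not default_deny

# Constructed sample: no host may map a privileged external port, and only
# one host (a game console at a made-up address) may request mappings at all.
SAMPLE_ACL = """
deny 0-1023 0.0.0.0/0 0-65535
allow 1024-65535 192.168.1.50 1024-65535
"""

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for req in [("192.168.1.50", 3074, 3074), ("192.168.1.50", 443, 8443),
                ("192.168.1.77", 3074, 3074)]:
        print(req, "->", "allow" if permitted(acl, *req) else "deny")
```

Order matters in this model: moving the `deny 0-1023` line below the `allow` line changes nothing here, but a broader `allow` placed first would shadow every deny after it.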

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.