
Application Policies - details


I am new to OPNsense / Zenarmor and really enjoying it; this is a great community.
Some things that baffle me:

- Is more detail available for Application Policies? Especially when it's not exactly clear what is being blocked; specifically:

* Software Updates - Apple Pipeline
* Software Updates - Apple Telemetry
* Network Management - iPhone SecurityD

I also observed that the block for 'Proxy - iCloud Private Relay' doesn't work unless you also disable 'Media Streaming - Quic UDP Connection'.

'Proxy - iCloud Private Relay' appears to block mask-h2.icloud.com but not mask.icloud.com? (I know the firewall is not an ideal block for these; I should be issuing NXDOMAIN with Unbound, but given I have a steep learning curve with the CLI and am not really wanting to break my config files, I make do blocking via the firewall and manually turn off Private Relay in my existing devices. The firewall method still causes a long client delay before ICPR gives up, which is frustrating.)

I am also forced to block QUIC; without doing so the value of the firewall is diminished, something I discovered on this journey. It appears Google, Facebook, Instagram, Apple - nearly everything uses it nowadays.
Will firewalls ever be able to inspect QUIC in the future?

Thanks for your time reading this.



