Topics - drgonzo

#1
I would like to configure the gateway very strictly, so I have the classic high-port problem for passive FTP when the gateway wants to update the blacklist definitions via FTP. Is there a way to set the ephemeral port range for it?
#2
I've the following floating rule to allow OPNsense itself to get updates from the internet:
("internal networks" is an alias containing all internal networks)

Allow Source: This Firewall - Destination !(internal networks) Prot:TCP,443 log

When I click "check for updates" everything works fine, BUT if I look into the log files I see entries for this rule matching https AND http on port 80.

I checked the rule in pfinfo and for me it looks like the rule allows any traffic.
pass log quick inet proto tcp from (self:4) to !  flags S/SA keep state label "USER_RULE"