OPNsense

Topics - drgonzo

1
General Discussion / Is there a way to set the ephemeral port range for ftp updates (Blacklists)
« on: May 12, 2017, 03:04:26 pm »
I would like to configure the gateway very strictly, so I have the classic high-port problem for passive FTP when the gateway wants to update the blacklist definitions via FTP. Is there a way to set the ephemeral port range for it?

2
General Discussion / Rule behaviour / need Explanation
« on: May 08, 2017, 02:26:32 pm »
I have the following floating rule to allow OPNsense itself to get updates from the internet:
("internal networks" is an alias containing all internal networks)

Allow Source: This Firewall - Destination !(internal networks) Prot:TCP,443 log

When I click "check for updates" everything works fine, BUT if I look into the log files I see entries for this rule matching https AND http on port 80.

I checked the rule in pfinfo, and to me it looks like the rule allows any traffic.
pass log quick inet proto tcp from (self:4) to !  flags S/SA keep state label "USER_RULE"

