Topic: Allow any to WAN rule, what protocols and why? (Read 1951 times)
senser
Jr. Member
Posts: 55
Karma: 0
Allow any to WAN rule, what protocols and why?
« on: August 06, 2020, 08:37:04 am »
Generally you would only need to allow TCP/UDP to any on WAN for a home router, I guess...but the default is to allow all protocols. The list of those protocols is long, many of them I have no clue about. Wouldn't it be better for me to allow TCP/UDP only? Thanks.
lar.hed
Sr. Member
Posts: 323
Karma: 10
Re: Allow any to WAN rule, what protocols and why?
« Reply #1 on: August 06, 2020, 11:44:26 am »
What I think you are referring to, is white list only what you need, everything else is blacklisted?
I just did this, since that is how I like this. I made a bunch of mistakes on the way, so I say this: Are you sure you need to?
If you are only running the most normal vanilla stuff, you need to allow ports:
80 - HTTP
443 - HTTPS
53 - DNS or 853 for DNS-over-TLS (Unbound Plus)
Maybe:
123 - NTP
That's about that. But are you sure you like to walk this very tiny road down?
senser
Jr. Member
Posts: 55
Karma: 0
Re: Allow any to WAN rule, what protocols and why?
« Reply #2 on: August 08, 2020, 07:12:58 pm »
Yes, I wonder if I should be more strict and allow only TCP/UDP to Any on WAN instead of all protocols or if that is a bad idea.
I don't want to allow only certain ports, that is too tedious.
lar.hed
Sr. Member
Posts: 323
Karma: 10
Re: Allow any to WAN rule, what protocols and why?
« Reply #3 on: August 08, 2020, 08:19:33 pm »
I do not see the point in only allowing UDP/TCP ports - not worth it at all.
As I wrote, I have done a lot to get into a "whitelist" kind of installation, and man it is still giving me problems (with MultiWAN for the moment, everything else seems to work). So I say this: Don't do it.
chemlud
Hero Member
Posts: 2481
Karma: 112
Re: Allow any to WAN rule, what protocols and why?
« Reply #4 on: August 08, 2020, 08:23:53 pm »
As long as you don't understand what you are doing: Don't do. ;-)
That said: for normal browsing port 80/443 and TCP(/UDP) (plus DNS via OPNsense port 53) is enough. But only you know what all your clients need on your network.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorn's premium cat food with the extra portion of energy
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
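Added example (not part of the thread and not OPNsense code): a small Python model of the three outbound policies discussed above, run against a constructed list of flows to show what each policy would drop. The flow list, the policy names and the TCP/UDP assignment of the listed ports are assumptions made for illustration.

```python
# Added example: models the three outbound policies from the thread.
# Flow data, policy names and the tcp/udp split of ports are assumptions.
from collections import namedtuple

Flow = namedtuple("Flow", "desc proto dport")

# Constructed sample of outbound traffic a home LAN might produce (not real logs).
FLOWS = [
    Flow("web browsing (HTTPS)", "tcp", 443),
    Flow("web browsing (HTTP)", "tcp", 80),
    Flow("DNS lookup", "udp", 53),
    Flow("DNS-over-TLS", "tcp", 853),
    Flow("NTP time sync", "udp", 123),
    Flow("IMAPS mail client", "tcp", 993),
    Flow("ping (ICMP echo request)", "icmp", None),
    Flow("IPsec VPN payload (ESP, no NAT-T)", "esp", None),
]

# Ports named in reply #1: 80, 443, 53 or 853, and maybe 123.
PORT_ALLOWLIST = {
    ("tcp", 80), ("tcp", 443),
    ("tcp", 53), ("udp", 53),
    ("tcp", 853), ("udp", 123),
}


def allowed(policy, flow):
    """Return True if the flow passes under the named policy."""
    if policy == "any":              # default rule: all protocols
        return True
    if policy == "tcp_udp":          # the original question: TCP/UDP to any
        return flow.proto in ("tcp", "udp")
    if policy == "port_allowlist":   # reply #1: only the listed ports
        return (flow.proto, flow.dport) in PORT_ALLOWLIST
    raise ValueError(f"unknown policy: {policy}")


def blocked(policy, flows=FLOWS):
    """List the descriptions of flows the policy would drop."""
    return [f.desc for f in flows if not allowed(policy, f)]


if __name__ == "__main__":
    for policy in ("any", "tcp_udp", "port_allowlist"):
        dropped = blocked(policy)
        print(f"{policy:15} blocks {len(dropped)}: {', '.join(dropped) or '-'}")
```

Replacing the constructed FLOWS list with what the clients on the network actually send is the way to see what a stricter rule would break before enabling it.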