Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
How to properly configure a rule for RPC?
« previous
next »
Print
Pages: [
1
]
Author
Topic: How to properly configure a rule for RPC? (Read 1675 times)
Guybrush
Newbie
Posts: 6
Karma: 0
How to properly configure a rule for RPC?
«
on:
November 04, 2021, 10:41:08 pm »
Greetings,
I am currently testing out how to enable RPC through Opnsense (current). The standard ports are no big deal, but how do I handle the dynamic high range ports? I do not want to (means - cannot) restrict RPC ports on the destination Windows machines for several reasons. I usually work with Barracuda Firewalls, they have a RPC helper, which works fine. I wonder if there is something similar available with Opnsense? If so, can anybody point me to a how-to/docs/something to accomplish that?
Huge thanks in advance
Guybrush
Logged
benyamin
Full Member
Posts: 224
Karma: 13
Re: How to properly configure a rule for RPC?
«
Reply #1 on:
November 05, 2021, 02:01:58 pm »
I believe that would require a helper capable of inspection and control at OSI Layer 5 (Session Layer) at a minimum and for that information to be maintained in some sort of session state table (or THE session state table).
Usually this would require hardware inspection, i.e. ASICs, to not adversely affect performance. That being said, clearly some software firewalls over the years have been able to do this (think M$). IIRC, with the demise of TMG, I think Barracuda and some others picked up this feature.
I'm not aware of anything in the OPNsense space that would fit the bill.
Maybe some Layer 7 plugin...? Are there any?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
How to properly configure a rule for RPC?