Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Zenarmor (Sensei)
»
Application Policies - details
« previous
next »
Print
Pages: [
1
]
Author
Topic: Application Policies - details (Read 1292 times)
Game0ver
Newbie
Posts: 1
Karma: 0
Application Policies - details
«
on:
May 22, 2022, 06:51:40 am »
I am new to Opnsense / Zenarmor and really enjoying it; this is a great community.
Some things that baffle me..
- Is more detail available for Application Policies? Especially when its not exactly clear what is being blocked; specifically....
Software Updates - Apple Pipeline
Software Updates - Apple Telemetry
Network Management - iPhone SecurityD
I also observed that the block for 'Proxy - iCloud Private Relay' doesn't work unless you also disable 'Media Streaming - Quic UDP Connection'.
'Proxy - iCloud Private Relay' appears to block mask-h2.icloud.com but not mask.icloud.com? (I know the firewall is not an ideal block for these, I should be issuing NXDOMAIN with Unbound but given I have a steep learning curve with the CLI and not really wanting to break my config files I make do blocking via the firewall and manually turn off Private Relay in my existing devices (the firewall method still causes a long client delay before ICPR gives up which his frustrating).
I am also forced to block Quic; without doing so the value of the firewall is diminished something I discovered on this journey. It appears Google, Facebook, Instagram, Apple - nearly everything uses it nowadays.
Will firewalls ever be able to inspect Quic in the future?
Thanks for you time reading this.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Zenarmor (Sensei)
»
Application Policies - details