Application Policies - details

Started by Game0ver, May 22, 2022, 06:51:40 AM

I am new to Opnsense / Zenarmor and really enjoying it; this is a great community.
Some things that baffle me:

- Is more detail available for Application Policies? Especially when it's not exactly clear what is being blocked, specifically:

  • Software Updates - Apple Pipeline
  • Software Updates - Apple Telemetry
  • Network Management - iPhone SecurityD

I also observed that the block for 'Proxy - iCloud Private Relay' doesn't work unless you also disable 'Media Streaming - Quic UDP Connection'.

'Proxy - iCloud Private Relay' appears to block mask-h2.icloud.com but not mask.icloud.com? (I know the firewall is not an ideal block for these; I should be issuing NXDOMAIN with Unbound, but given I have a steep learning curve with the CLI and don't really want to break my config files, I make do with blocking via the firewall and manually turning off Private Relay on my existing devices. The firewall method still causes a long client delay before ICPR gives up, which is frustrating.)

I am also forced to block Quic; without doing so the value of the firewall is diminished, something I discovered on this journey. It appears Google, Facebook, Instagram, Apple - nearly everything uses it nowadays.
Will firewalls ever be able to inspect Quic in the future?

Thanks for your time reading this.
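As an added example (not part of the original post, and not Zenarmor or OPNsense project code), this is the Unbound DNS-level block the poster says they should be using instead of a firewall rule. The two hostnames are the ones named in the post; `always_nxdomain` is a standard Unbound `local-zone` type. The file path, and the idea that OPNsense picks up custom Unbound configuration from that directory, are my assumptions about the OPNsense layout, so check where your version expects custom options before dropping the file in.

```conf
# Assumed location on OPNsense: /usr/local/etc/unbound.opnsense.d/private-relay.conf
# (verify the custom-options path for your OPNsense version before using it).
#
# Returning NXDOMAIN for the Private Relay bootstrap names tells Apple clients
# that Private Relay is unavailable on this network, so they stop trying
# instead of waiting for a firewall drop to time out.
server:
  local-zone: "mask.icloud.com" always_nxdomain
  local-zone: "mask-h2.icloud.com" always_nxdomain
```

After restarting Unbound, confirm the answer from a client on the LAN with `dig mask.icloud.com @<firewall-ip>` and `dig mask-h2.icloud.com @<firewall-ip>`; the header of each reply should show `status: NXDOMAIN`. If a client still reaches Private Relay afterwards, it is usually because it is not using the firewall's resolver (encrypted DNS to a third party, or a hard-coded resolver), which is a separate thing to look for in the Zenarmor logs.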