pfSense - Firewall rules

I have spent most of the weekend trying to figure out how to get my games running with a locked down firewall. Current computer is on a separate VLAN called PC Net and I added the rules PC Net to 443 (https) and PC Net to 80 (http). Then I added firewall rules for Battle.net/Steam/Origin to play games such as Modern Warfare, Apex Legends, NFS Heat.

Even after trying UPnP (as per this guide: pfSense and Multiple Xbox Ones: Open NAT Guide) I didn’t have any success. It seems the game server ports randomise and they use ports outside of the range specified.

I am not a fan of UPnP so I gave up on the above and just added the rule PC Net to Any. All games work fine and connections are good (even though some games list it as Strict NAT).

Is there a security concern running PC Net to Any?

You are exposing more ports on your PC which means if something running on your system has a port open and there is a flaw you are exposing that flaw to the world.

So ideally I should only have ports 80 (http) and 443 (https) open as a firewall rule.

The only thing I can think of is to create 3 rules:

  • PC Net to Any
  • PC Net to 80 (http)
  • PC Net to 443 (https)

When I want to play any games, disable the last 2 rules and enable the first rule. When finished gaming, do the reverse.

It’s a total pain, however I can’t see any other option as I refuse to utilise UPnP.

I am a bit confused, I thought you were talking about inbound ports. I would allow the computer all with egress ports, unless you want to deal with the tediousness of only allowing certain egress ports. Inbound ports are what pose more of a security risk than outbound ports. Something has to be on your computer to initiate the outbound connection and most modern malware will use common outbound ports.

Sorry for the confusion, I wasn’t clear in my explanation!

Yes this is for egress ports. So PC Net to Any should be fine as it is only opening the ports when required.

I am not too concerned with malware etc. as I am running very strict and rigorous pfBlockerNG rule sets.

I have read that pfSense is a stateful firewall, so if a connection is allowed out on port 10 for instance it will allow an incoming connection on the same port only whilst that program is using the port.

Here is a pic from my pfSense firewall rules for the PC VLAN.

Is this rule still secure? (PC Net to Any)?
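To make the egress-versus-ingress point concrete, here is an added illustration in pf rule syntax of the two rule sets being compared (this is not config from the thread or from the pfSense project; the interface name vlan20 and the 10.20.0.0/24 subnet for PC Net are assumptions chosen for the example):

```pf
# Added example, not from the thread. Interface "vlan20" and the
# PC Net subnet below are assumed values for illustration only.
pc_if  = "vlan20"
pc_net = "10.20.0.0/24"

set skip on lo0
block in all             # unsolicited inbound on every interface is dropped
pass out all keep state  # traffic leaving towards the next hop is allowed

# pfSense applies the rules on an interface tab as "pass in" on that
# interface, i.e. they match traffic arriving FROM the PC VLAN.

# Option A: "PC Net to 80" and "PC Net to 443" (egress to web ports only).
# pf keeps state by default; the reply packets of each permitted outbound
# connection are matched against the state entry and let back in, and the
# entry expires when the connection ends. Nothing else inbound is accepted.
pass in quick on $pc_if proto tcp from $pc_net to any port { 80, 443 } \
    keep state

# Option B: "PC Net to Any" (egress to every port and protocol).
# Still stateful: return traffic is only accepted for connections the PC
# itself initiated, and only while that state entry is alive. This rule on
# its own exposes no listening port on the PC to the internet; it widens
# what the PC may reach out to, not what may reach the PC.
# pass in quick on $pc_if from $pc_net to any keep state

# Neither option accepts connections the internet initiates towards the PC.
# That would need a separate inbound rule on the WAN (a NAT port forward or
# UPnP mapping), which is the part that carries the real exposure and is
# also why some games still report "Strict NAT" under Option B.
```

With Option B the practical difference from Option A is visibility, not exposure: "to Any" lets a compromised host on PC Net talk out on any port, so egress logging or a block on known-bad destinations (as pfBlockerNG does) is what compensates.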

It allows your PC to get out to the internet, so is it safe for you to do that? 🙂 Generally speaking, inbound ports are the ones you have to worry about.

Cisco has some details on how NAT works here.