Re: [pfSense] Fwd: Firewall Log

Brian Caouette Sun, 23 Mar 2014 14:38:33 -0700

Blocking in the logs does not work and no luck with tcpdump.

On 3/19/2014 8:05 AM, Brian Candler wrote:

On 19/03/2014 11:59, Brian Caouette wrote:

-------- Original Message --------

Subject: Firewall Log

Date: Thu, 13 Mar 2014 12:48:33 -0400

From: Brian Caouette <[email protected]>

To: pfSense support and discussion <[email protected]>

Also seeing this in the log:

Mar 13 11:37:36 WAN 0.0.0.0:68 255.255.255.255:67 UDP

Mar 13 11:37:35 WAN 0.0.0.0:68 255.255.255.255:67 UDP

Mar 13 11:37:34 WAN 0.0.0.0:68 255.255.255.255:67 UDP

Mar 13 10:38:46 WAN 0.0.0.0:68 255.255.255.255:67 UDP

Mar 13 10:38:44 WAN 0.0.0.0:68 255.255.255.255:67 UDP

Mar 13 10:38:43 WAN 0.0.0.0:68 255.255.255.255:67 UDP

Mar 13 09:58:24 WAN 0.0.0.0:68 255.255.255.255:67 UDP

Mar 13 09:58:23 WAN 0.0.0.0:68 255.255.255.255:67 UDP

That's some device on the WAN network sending DHCP broadcasts, and getting no response. Maybe something like a switch which hasn't been configured with a management IP address.

You can add some reject-without-log rules at the end of your ruleset to silence these logs. Or you can identify the offending device (e.g. find its MAC address from tcpdump -e) and correct its config.
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list

_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Fwd: Firewall Log

Reply via email to