Re: [pfSense] Fwd: Firewall Log

Sun, 23 Mar 2014 14:38:33 -0700

Blocking in the logs does not work and no luck with tcpdump.

On 3/19/2014 8:05 AM, Brian Candler wrote:
On 19/03/2014 11:59, Brian Caouette wrote:



-------- Original Message --------
Subject: Firewall Log
Date: Thu, 13 Mar 2014 12:48:33 -0400
From: Brian Caouette <bri...@dlois.com>
To: pfSense support and discussion <list@lists.pfsense.org>


Also seeing this in the log:

Mar 13 11:37:36 WAN Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 0.0.0.0:68 Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 255.255.255.255:67 UDP
block
Mar 13 11:37:35 WAN Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 0.0.0.0:68 Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 255.255.255.255:67 UDP
block
Mar 13 11:37:34 WAN Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 0.0.0.0:68 Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 255.255.255.255:67 UDP
block
Mar 13 10:38:46 WAN Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 0.0.0.0:68 Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 255.255.255.255:67 UDP
block
Mar 13 10:38:44 WAN Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 0.0.0.0:68 Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 255.255.255.255:67 UDP
block
Mar 13 10:38:43 WAN Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 0.0.0.0:68 Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 255.255.255.255:67 UDP
block
Mar 13 09:58:24 WAN Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 0.0.0.0:68 Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 255.255.255.255:67 UDP
block
Mar 13 09:58:23 WAN Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 0.0.0.0:68 Icon Reverse Resolve with DNS Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 255.255.255.255:67 UDP



That's some device on the WAN network sending DHCP broadcasts, and getting no response. Maybe something like a switch which hasn't been configured with a management IP address.

You can add some reject-without-log rules at the end of your ruleset to silence these logs. Or you can identify the offending device (e.g. find its MAC address from tcpdump -e) and correct its config.



_______________________________________________
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list



_______________________________________________
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Reply via email to