Re: [pfSense] How do I stop "noise" to logs

[Edward Servello]

Tim,

One more shot at this before I give up...

I created a sample rule using the GUI. Does your rule look like this one?

~Ed



On 2/23/2015 11:48 AM, Tim Hogan wrote:

Ed,

I have version 2.1.46.30093 installed on my NAS which is newer than 
the link below.  I have also discovered burred under the noise being 
created by the NAS that I have one other device also generating the 
same type of traffic, just not as often.  This other device was my 
Samsung Tablet and I found that if I turned off the media discovery 
service on the table that the traffic stopped.  I have disabled media 
sharing on the NAS but the traffic is still being generated.


My point here is not to fix broken implementations that various 
vendors put in place but instead my feeling that I should be able to 
have some control over the "built-in" rules and prevent logging if I 
so desire.


Regards,
Tim


On 2/23/2015 8:40 AM, Edward Servello wrote:

Hi again Tim,

Does your NAS device have the most recent firmware applied. I found 
this article with a link to firmware on the Lenovo site.


https://lenovo-na-en.custhelp.com/app/answers/detail/a_id/24661/kw/2.1.38.22294/related/1 



~Ed

On Mon, Feb 23, 2015 at 8:56 AM, Tim Hogan > wrote:


Ed,

I agree that it would be nice to be able to stop this at the
source however, the source is an iOmega ix-200d appliance. I have
manually set the IP address in the GUI but who knows how iOmega
has built this thing.  I have noticed that this traffic does not
start right after a reboot.  It takes a couple of minutes which
makes me think that there is some process that starts up that is
generating this traffic.  But without control at the OS layer I do
not know how to stop it.  So my option it to try and quite the 
noise.


Regards,
Tim



On 2/22/2015 11:20 AM, Edward Servello wrote:

Hello Tim,

The problem appears in pfSense Issue 2073
.

The APIPA address (autoIP 169.254) is not valid on the
interface that's logging the error. That may be blocked and
logged by pfSense before the user-defined rules are applied.
Could the NAS be using the APIPA addresses because it's not
getting a response from DHCP? Did you try assigning a fixed,
valid address on the NAS to stop it from falling back to
169.254? It might be better overall to address the root cause
rather than stopping the logging.

~Ed

On 2/22/2015 9:25 AM, Tim Hogan wrote:

Hello All,

I am using pfSense v2.2 and I have been seeing a bunch of
firewall log entries blocking traffic to the
169.254.0.0/16  netblock.  This
traffic seems to be created by an older NAS that I have
and I really do not want these message in my logs. So, my
thought was that I would create a rule on my LAN to block
that traffic and I would just make sure that the "log
traffic" option was unchecked.  That did not work. When I
look at the log entry I see the following message.

The rule that triggered this action is:
@8(100102) block drop in log quick inet from any to
169.254.0.0/16  label "Block IPv4
link-local"

Where on earth is that rule so I can remove the log
option?  Or is there a setting that I missed somewhere?

Thanks,
Tim

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold




___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold




___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] How do I stop "noise" to logs

[Jim Spaloss]

If you're interested in just silencing the noice from that particular
device, create a block (or reject) rule that matches the source IP with
logging disabled on that rule.

I often do this on my WAN interfaces to keep NetBIOS noise from filling up
my logs.
On Feb 23, 2015 4:35 PM, "Chris Buechler"  wrote:

>
>
> On Mon, Feb 23, 2015 at 10:48 AM, Tim Hogan  wrote:
>
>> Ed,
>>
>> I have version 2.1.46.30093 installed on my NAS which is newer than the
>> link below.  I have also discovered burred under the noise being created by
>> the NAS that I have one other device also generating the same type of
>> traffic, just not as often.  This other device was my Samsung Tablet and I
>> found that if I turned off the media discovery service on the table that
>> the traffic stopped.  I have disabled media sharing on the NAS but the
>> traffic is still being generated.
>>
>> My point here is not to fix broken implementations that various vendors
>> put in place but instead my feeling that I should be able to have some
>> control over the "built-in" rules and prevent logging if I so desire.
>>
>
> Logging on that rule is controlled by whether you log for the default
> deny. Status>System logs, Settings tab.
>
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] How do I stop "noise" to logs

[Chris Buechler]

On Mon, Feb 23, 2015 at 10:48 AM, Tim Hogan  wrote:

> Ed,
>
> I have version 2.1.46.30093 installed on my NAS which is newer than the
> link below.  I have also discovered burred under the noise being created by
> the NAS that I have one other device also generating the same type of
> traffic, just not as often.  This other device was my Samsung Tablet and I
> found that if I turned off the media discovery service on the table that
> the traffic stopped.  I have disabled media sharing on the NAS but the
> traffic is still being generated.
>
> My point here is not to fix broken implementations that various vendors
> put in place but instead my feeling that I should be able to have some
> control over the "built-in" rules and prevent logging if I so desire.
>

Logging on that rule is controlled by whether you log for the default deny.
Status>System logs, Settings tab.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] How do I stop "noise" to logs

[Edward Servello]

Hi again Tim,

Does your NAS device have the most recent firmware applied. I found this
article with a link to firmware on the Lenovo site.

https://lenovo-na-en.custhelp.com/app/answers/detail/a_id/24661/kw/2.1.38.22294/related/1

~Ed

On Mon, Feb 23, 2015 at 8:56 AM, Tim Hogan  wrote:

> Ed,
>
> I agree that it would be nice to be able to stop this at the source
> however, the source is an iOmega ix-200d appliance.  I have manually set
> the IP address in the GUI but who knows how iOmega has built this thing.  I
> have noticed that this traffic does not start right after a reboot.  It
> takes a couple of minutes which makes me think that there is some process
> that starts up that is generating this traffic.  But without control at the
> OS layer I do not know how to stop it.  So my option it to try and quite
> the noise.
>
> Regards,
> Tim
>
>
>
> On 2/22/2015 11:20 AM, Edward Servello wrote:
>
>> Hello Tim,
>>
>> The problem appears in pfSense Issue 2073 > issues/2073>.
>>
>> The APIPA address (autoIP 169.254) is not valid on the interface that's
>> logging the error. That may be blocked and logged by pfSense before the
>> user-defined rules are applied. Could the NAS be using the APIPA addresses
>> because it's not getting a response from DHCP? Did you try assigning a
>> fixed, valid address on the NAS to stop it from falling back to 169.254? It
>> might be better overall to address the root cause rather than stopping the
>> logging.
>>
>> ~Ed
>>
>> On 2/22/2015 9:25 AM, Tim Hogan wrote:
>>
>>> Hello All,
>>>
>>> I am using pfSense v2.2 and I have been seeing a bunch of firewall log
>>> entries blocking traffic to the 169.254.0.0/16 netblock.  This traffic
>>> seems to be created by an older NAS that I have and I really do not want
>>> these message in my logs.  So, my thought was that I would create a rule on
>>> my LAN to block that traffic and I would just make sure that the "log
>>> traffic" option was unchecked.  That did not work.  When I look at the log
>>> entry I see the following message.
>>>
>>> The rule that triggered this action is:
>>> @8(100102) block drop in log quick inet from any to 169.254.0.0/16
>>> label "Block IPv4 link-local"
>>>
>>> Where on earth is that rule so I can remove the log option?  Or is there
>>> a setting that I missed somewhere?
>>>
>>> Thanks,
>>> Tim
>>>
>>> ___
>>> pfSense mailing list
>>> https://lists.pfsense.org/mailman/listinfo/list
>>> Support the project with Gold! https://pfsense.org/gold
>>>
>>
>>
>>
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>>
>
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] How do I stop "noise" to logs

[Tim Hogan]

Ed,

I agree that it would be nice to be able to stop this at the source 
however, the source is an iOmega ix-200d appliance.  I have manually set 
the IP address in the GUI but who knows how iOmega has built this 
thing.  I have noticed that this traffic does not start right after a 
reboot.  It takes a couple of minutes which makes me think that there is 
some process that starts up that is generating this traffic.  But 
without control at the OS layer I do not know how to stop it.  So my 
option it to try and quite the noise.


Regards,
Tim



On 2/22/2015 11:20 AM, Edward Servello wrote:

Hello Tim,

The problem appears in pfSense Issue 2073 
.


The APIPA address (autoIP 169.254) is not valid on the interface 
that's logging the error. That may be blocked and logged by pfSense 
before the user-defined rules are applied. Could the NAS be using the 
APIPA addresses because it's not getting a response from DHCP? Did you 
try assigning a fixed, valid address on the NAS to stop it from 
falling back to 169.254? It might be better overall to address the 
root cause rather than stopping the logging.


~Ed

On 2/22/2015 9:25 AM, Tim Hogan wrote:

Hello All,

I am using pfSense v2.2 and I have been seeing a bunch of firewall 
log entries blocking traffic to the 169.254.0.0/16 netblock.  This 
traffic seems to be created by an older NAS that I have and I really 
do not want these message in my logs.  So, my thought was that I 
would create a rule on my LAN to block that traffic and I would just 
make sure that the "log traffic" option was unchecked.  That did not 
work.  When I look at the log entry I see the following message.


The rule that triggered this action is:
@8(100102) block drop in log quick inet from any to 
169.254.0.0/16 label "Block IPv4 link-local"


Where on earth is that rule so I can remove the log option?  Or is 
there a setting that I missed somewhere?


Thanks,
Tim

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold




___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] How do I stop "noise" to logs

[Edward Servello]

Hello Tim,

The problem appears in pfSense Issue 2073 
.


The APIPA address (autoIP 169.254) is not valid on the interface that's 
logging the error. That may be blocked and logged by pfSense before the 
user-defined rules are applied. Could the NAS be using the APIPA 
addresses because it's not getting a response from DHCP? Did you try 
assigning a fixed, valid address on the NAS to stop it from falling back 
to 169.254? It might be better overall to address the root cause rather 
than stopping the logging.


~Ed

On 2/22/2015 9:25 AM, Tim Hogan wrote:

Hello All,

I am using pfSense v2.2 and I have been seeing a bunch of firewall log 
entries blocking traffic to the 169.254.0.0/16 netblock.  This traffic 
seems to be created by an older NAS that I have and I really do not 
want these message in my logs.  So, my thought was that I would create 
a rule on my LAN to block that traffic and I would just make sure that 
the "log traffic" option was unchecked. That did not work.  When I 
look at the log entry I see the following message.


The rule that triggered this action is:
@8(100102) block drop in log quick inet from any to 169.254.0.0/16 
label "Block IPv4 link-local"


Where on earth is that rule so I can remove the log option?  Or is 
there a setting that I missed somewhere?


Thanks,
Tim

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] How do I stop "noise" to logs

[Tim Hogan]

Hello All,

I am using pfSense v2.2 and I have been seeing a bunch of firewall log 
entries blocking traffic to the 169.254.0.0/16 netblock.  This traffic 
seems to be created by an older NAS that I have and I really do not want 
these message in my logs.  So, my thought was that I would create a rule 
on my LAN to block that traffic and I would just make sure that the "log 
traffic" option was unchecked.  That did not work.  When I look at the 
log entry I see the following message.


The rule that triggered this action is:
@8(100102) block drop in log quick inet from any to 169.254.0.0/16 
label "Block IPv4 link-local"


Where on earth is that rule so I can remove the log option?  Or is there 
a setting that I missed somewhere?


Thanks,
Tim

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold