Prevent firewall logs from devices in WAN Net
-
On my private router I must necessarily connect a device that is constantly looking for other devices on the network.
pfSense detects this and reports it in the firewall log.
There is no configuration of this device that can prevent this search. On the other hand, I know this device and I don't care what it is doing.
I just want to prevent my log from filling with hundreds of identical entries like this, with ports always different:
Feb 18 12:05:59 WAN 192.168.10.15:59095 239.255.255.250:1900 UDP
Feb 18 12:05:59 WAN 192.168.10.15:54933 239.255.255.250:1900 UDP
Feb 18 12:05:59 WAN 192.168.10.15:60203 239.255.255.250:1900 UDP
Feb 18 12:05:59 WAN 192.168.10.15:45411 239.255.255.250:1900 UDP
I have tried to put several "block" rules in the WAN, but the log still continues.
E.g.:
- Action: Block
- Interface: WAN
- IPv4/UDP
- Source: Host 192.168.10.15
- Destination: Host 239.255.255.250
- Ports: Any
-
@whitetiger-it I would assume that is being blocked by the rfc1918 block rule. You can set that not to log.
If it's being logged by bogon or rfc1918 then those happen before any of your other rules, so you would have to either turn off those rules on this interface, or set them not to log.
Then if being logged by the default rule, you could just place a rule on top of your rule list that doesn't log this traffic be it allow or block.
-
@johnpoz
Thanks for your answer.
If I understand your suggestion correctly:
- I have disabled the creation of the automatic rule in Interface
- I created the rule to block the device
- I created a rule that replaces the automatic one, adding the log of this
-
@whitetiger-it yeah that works.. Or you could have just turned off logging of that rule ;)
-
@johnpoz said in Prevent firewall logs from devices in WAN Net:
@whitetiger-it yeah that works.. Or you could have just turned off logging of that rule ;)
I keep logging in so if there is any other "strange thing" on the network it will be highlighted.
Thank you again
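Added example, not part of the forum thread and not pfSense code: a small first-match model of the rule order discussed above, showing why a user block rule placed below the automatic private-network rule never silences the log, and why the final layout does. The rule names, the log flags, the order of the replacement rules and the two extra source addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
DEVICE = ("192.168.10.15/32",)   # the noisy device from the thread
ANY = ("0.0.0.0/0",)

@dataclass
class Rule:
    name: str        # hypothetical label, not a pfSense identifier
    sources: tuple   # source networks in CIDR form
    log: bool        # whether a match is written to the firewall log

def evaluate(rules, src):
    """Return (rule name, logged?) for the first rule matching the source."""
    addr = ipaddress.ip_address(src)
    for rule in rules:
        if any(addr in ipaddress.ip_network(net) for net in rule.sources):
            return rule.name, rule.log
    raise ValueError("ruleset has no catch-all rule")

def logged_sources(rules, sources):
    """Sources whose packets end up in the log under this ruleset."""
    return [s for s in sources if evaluate(rules, s)[1]]

# Before: the automatic rule is evaluated ahead of every user rule, so the
# user's block rule for the device is never reached (assumed to log).
BEFORE = [
    Rule("auto: block private networks", RFC1918, True),
    Rule("user: block device", DEVICE, False),
    Rule("default deny", ANY, True),
]

# After: automatic rule disabled, quiet device rule on top, then a user
# rule that replaces the automatic one and still logs.
AFTER = [
    Rule("user: block device, no log", DEVICE, False),
    Rule("user: block private networks, log", RFC1918, True),
    Rule("default deny", ANY, True),
]

# Constructed sample: the device, another private host, a public host.
SAMPLE = ["192.168.10.15", "192.168.10.77", "203.0.113.9"]

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, "->", logged_sources(rules, SAMPLE))
```

Every rule in this model blocks; only the match order and the log flag differ, which is the part of the behaviour the thread is about.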