Rule @4294967295.
-
Hi,
Could anyone explain this rule @4294967295?
I haven't set up any accept rules on WAN. Private networks, loopback addresses and bogons are blocked on WAN.
It looks like there were incoming multicast requests to WAN and they were accepted.
Logs:
I tried to grep for this rule, pfctl -vvsr | grep 4294967295, but got nothing.
Thanks for your assistance.
-
@Danil-0 did you enable the igmp proxy?
-
@johnpoz No, it is disabled.
-
@Danil-0 did you recently upgrade?
I see this old redmine
https://redmine.pfsense.org/issues/12872
Do you have something like UPnP running?
edit:
I recall a really old thread.. Let me see if I can dig it up..
https://forum.netgate.com/topic/147248/had-my-pfsense-been-compromised
-
@johnpoz said in Rule @4294967295.:
I recall a really old thread.. Let me see if I can dig it up..
Yes, pfSense version is 23.09.1, but I had this issue before on version 23.09. Maybe on 23.05.1.
Filter log:
Dec 14 06:10:06 host filterlog[30289]: 4294967295,,,0,mvneta0,ip-option,pass,in,4,0xc0,,1,0,0,DF,2,igmp,32,0.0.0.0,224.0.0.1,datalength=8
Dec 14 06:10:06 host filterlog[30289]: 4294967295,,,0,mvneta0,ip-option,pass,in,4,0x0,,1,32089,0,none,2,igmp,32,10.50.xxx.xxx,224.0.0.251,datalength=8
I will check this thread, thanks.
-
@johnpoz UPnP isn't running.
-
@johnpoz Problem solved by internet provider. Thanks for your help.
-
@Danil-0 said in Rule @4294967295.:
Problem solved by internet provider.
They could stop the traffic from getting to you - but that is not an answer to why firewall says the traffic was allowed by a rule number that doesn't exist. Points to that issue discussed in the thread about "short" packets maybe..
-
@johnpoz You're right, it didn't help. I'm trying to figure it out again.
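-
Added example (not part of the thread and not pfSense's own tooling): a shell/awk filter that pulls out filterlog entries logged under a given rule number, such as the 4294967295 entries quoted above, so they can be reviewed by interface, reason, action and destination. The field positions are taken from the IPv4 lines quoted in the thread; the function names and the third sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# 4294967295 is 2^32-1 (0xFFFFFFFF), the rule number shown in the quoted logs.

# Sample input: the two lines quoted in the thread plus one constructed
# UDP block entry (documentation addresses) that must not be reported.
sample_log() {
cat <<'EOF'
Dec 14 06:10:06 host filterlog[30289]: 4294967295,,,0,mvneta0,ip-option,pass,in,4,0xc0,,1,0,0,DF,2,igmp,32,0.0.0.0,224.0.0.1,datalength=8
Dec 14 06:10:06 host filterlog[30289]: 4294967295,,,0,mvneta0,ip-option,pass,in,4,0x0,,1,32089,0,none,2,igmp,32,10.50.xxx.xxx,224.0.0.251,datalength=8
Dec 14 06:10:07 host filterlog[30289]: 4,,,1000000103,mvneta0,match,block,in,4,0x0,,64,4660,0,DF,17,udp,78,192.0.2.10,198.51.100.5,5353,5353,58
EOF
}

# Read syslog-format filterlog lines on stdin and print the entries whose
# rule-number field equals $1. Only the IPv4 field layout is handled.
find_rule_entries() {
    awk -v want="$1" '
    /filterlog\[[0-9]+\]: / {
        # The CSV payload starts after the first "]: "
        payload = substr($0, index($0, "]: ") + 3)
        n = split(payload, f, ",")
        # Need every field up to the destination address (field 20)
        if (n < 20) next
        # Force a string comparison so the number is matched exactly
        if ((f[1] "") != (want "")) next
        # Field 9 is the IP version; skip anything that is not IPv4
        if (f[9] != "4") next
        printf "%s %s %s iface=%s reason=%s action=%s dir=%s proto=%s src=%s dst=%s\n",
               $1, $2, $3, f[5], f[6], f[7], f[8], f[17], f[19], f[20]
    }'
}

# Stand-alone run over the sample lines
sample_log | find_rule_entries 4294967295
```

To use it on a live system, pipe the firewall's filter log into find_rule_entries instead of sample_log.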