Block private/bogon network option request
-
I think that the block private network options are a nice feature when configuring the wan/lan interfaces, but I would like to see either A) an option to disable logging for these or B) the ability to prioritize a manual firewall rule ahead of them.
The reason for my request is that there is a 10. address on my assigned ISP subnet that is sending broadcast packets out every couple of seconds. Consequently, my firewall log is getting clogged up with these blocked entries. I realize that this is perhaps an unusual scenario. I also realize that there is a global setting to enable/disable default rule actions, and apparently the private network rules fall under the 'default' category. In general, I would like to maintain logging of default rule actions and so I don't wish to disable this setting.
To resolve this I ended up disabling the RFC 1918 rule on the WAN interface, and manually added these rules with logging disabled. The firewall log is now usable again. Not a big deal, just thought that I would ask for the option (I am new to pfSense, so if I've missed an alternative approach please do let me know!). Thanks much…
-
These rules will eventually be turned into normal rules that reference a special alias for rfc1918 and bogons. (Probably for 2.1)
It's easy to disable the rfc1918 rule and make your own alias that contains the rfc1918 nets (it's only three networks) and then use your own rule, set however you like.
