
    Firewall log: block 10.127.160.1:67 on WAN every 30 - 60 s

    • Tubs

      Hello,

      I'm a new user of pfSense. Before, I was using OpenWrt.

      Now my log is showing that the firewall is blocking on WAN UDP 10.127.160.1:67 –> 255.255.255.255:68 every 30 to 60 s. Block local network is enabled on the WAN interface. But this is not the address of the WAN interface and not the gateway address.

      After a little bit of research I found out that this seems to be coming from the cable modem Cisco EPC3208.
      But what is it good for? What is the intention of the modem?
      Should I set a firewall rule to allow this address from the WAN port?

      • chpalmer

        Your cable company uses that private subnet for DHCP and to administer the cable modem.  Your modem actually has an address given to it in that subnet as well as your public IP…

        To keep it out of the logs-

        Create a firewall rule to block it and....

        Go to WAN interface and uncheck "Block Private Networks".

        • Tubs

          @chpalmer:

          Your cable company uses that private subnet for DHCP and to administer the cable modem.  Your modem actually has an address given to it in that subnet as well as your public IP…

          Thanks.

          I switched off "Block Private Networks" and block manually on WAN without logging:

          • 10.0.0.0/8

          • 172.16.0.0/12

          • 192.168.0.0/16

          • 127.0.0.0/8

          If my understanding is correct this is exactly what the automatic rule "Block Private Networks" is doing.

          Now my firewall log is not spammed any more by the cable modem.

          • Tikimotel

            The logging of this rule message can be stopped by disabling "Log packets blocked by the default rule" in the settings.
            All of our cable modems also show this "WAN UDP 10.xx.xx.xx:67 –> 255.255.255.255:68" rule every 60 seconds or less.
            It is useless, it does nothing for performance or connection, so I disabled "Log packets blocked by the default rule" so it won't flood my logging with its uselessness.

            Status: System logs:--> Settings

            • Tubs

              @Tikimotel:

              The logging of this rule message can be stopped by disabling "Log packets blocked by the default rule" in the settings.

              Status: System logs:–> Settings

              Yes, this is right. But this will stop logging of all logging. And I would like to have the chance to check who tries to connect from outside.

              Setting up a manual filter for the private networks without logging works fine.

              1 Reply Last reply Reply Quote 0
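Added example, not part of any post in this thread: a small Python check that separates the modem's DHCP broadcast (UDP 67 to 255.255.255.255:68 from a private source) from other private-source packets that the four manual no-log block rules would also drop silently. The tuple layout, function names and sample packets are constructed for illustration, and the "logged" outcome assumes "Log packets blocked by the default rule" is still enabled.

```python
import ipaddress

# The four networks blocked manually on WAN without logging (from the thread).
SILENT_NETS = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def from_silent_net(src):
    """True if the source address falls in one of the silently blocked networks."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in SILENT_NETS)

def classify(entry):
    """Classify one blocked WAN packet given as (proto, src, sport, dst, dport)."""
    proto, src, sport, dst, dport = entry
    if not from_silent_net(src):
        return "logged"            # assumed: default-rule logging is still on
    if (proto == "udp" and sport == 67 and dport == 68
            and dst == "255.255.255.255"):
        return "dhcp-noise"        # the modem-side DHCP broadcast from the thread
    return "silenced-other"        # dropped without a log line, but not DHCP

def summarize(entries):
    """Count how many packets fall into each class."""
    counts = {"dhcp-noise": 0, "silenced-other": 0, "logged": 0}
    for entry in entries:
        counts[classify(entry)] += 1
    return counts

# Constructed sample packets; only the first matches the thread's log line.
SAMPLE = [
    ("udp", "10.127.160.1", 67, "255.255.255.255", 68),
    ("tcp", "10.127.160.9", 40000, "203.0.113.5", 22),
    ("tcp", "198.51.100.7", 51515, "203.0.113.5", 443),
    ("udp", "192.168.100.1", 67, "255.255.255.255", 68),
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(classify(pkt), pkt)
    print(summarize(SAMPLE))
```

The "silenced-other" class is the visibility cost of the broad no-log rules: anything else arriving on WAN with a private source address is dropped without a trace as well.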