UDP blocked on WAN ?
-
Hello everyone,
I don't understand why, but it seems that by default some UDP packets are dropped by the firewall:
block/1000000103 Mar 21 20:34:44 WAN 120.24.76.167:2837 MON_IP_WAN:50905 UDP
block/1000000103 Mar 21 20:34:44 WAN 115.29.178.199:3437 MON_IP_WAN:37909 UDP
block/1000000103 Mar 21 20:34:44 WAN 50.7.44.82:30658 MON_IP_WAN:40430 UDP
block/1000000103 Mar 21 20:34:04 WAN 120.24.76.167:2837 MON_IP_WAN:50905 UDP
Does someone have an explanation?
It seems some rules work fine when the traffic is routed to my LAN IP, but when it's only routed to my WAN_IP it's blocked …
It never happens with TCP, only with UDP. Here is my release:
2.2.6-RELEASE (amd64)
built on Mon Dec 21 14:50:08 CST 2015
FreeBSD 10.1-RELEASE-p25
-
Those are likely the default block rule, basically dropping the packets because there is no state for them.
By definition TCP has state; the pf code creates state for UDP traffic that it knows about (originated from your LAN or the pfSense box itself).
-
So you're seeing NOISE and wondering why it's blocked?? Yeah, there is a lot of UDP noise on the internet.. If you don't want to see it, then turn off your default block logging. If you're just interested in TCP then create your own rule that logs TCP. I just log TCP SYN packets to my WAN IP..
-
So you're seeing NOISE and wondering why it's blocked?? Yeah, there is a lot of UDP noise on the internet.. If you don't want to see it, then turn off your default block logging. If you're just interested in TCP then create your own rule that logs TCP. I just log TCP SYN packets to my WAN IP..
How do I do it?
-
From the web interface: Status, System Logs, Settings. Look for the section "Log Firewall Default Blocks" and uncheck whatever is checked, then click the Save button at the bottom. That will turn off logging for the default block rules.
The other part: Firewall, Rules, add one for whatever interface you want (or Floating), check "Log packets that are handled by this rule", scroll down further to the Advanced Features, TCP flags, and click on SYN in the Set row.
-
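To make the two replies above concrete, here is an added plain pf.conf fragment (written for this thread, not taken from pfSense's generated ruleset or from any poster) that does the same thing as the GUI steps: a silent default block on WAN, state for everything the LAN or the box itself originates (which is why replies to outbound UDP get back in), and a block rule that logs only inbound TCP SYNs. The interface names, the LAN network and the macro names are assumptions.

```pf
# Added example, not pfSense's own ruleset: interface names and LAN network
# are assumptions. pf evaluates rules last-match-wins unless "quick" is used.
wan = "em0"
lan = "em1"
lan_net = "192.168.1.0/24"

set skip on lo0

# Outbound LAN traffic is NATed to the WAN address.
nat on $wan from $lan_net to any -> ($wan)

# Default deny on WAN, without "log": this is what the GUI's
# "Log Firewall Default Blocks" checkbox turns off. Unsolicited inbound UDP
# (the block/1000000103 entries in the thread) matches here and is dropped
# silently because no state exists for it.
block in on $wan
block out on $wan

# Anything the LAN or the firewall itself originates creates state, including
# UDP flows, so the replies come back in without needing an inbound rule.
pass out on $wan keep state
pass in on $lan from $lan_net keep state

# Inbound TCP on WAN: still blocked, but logged only for connection attempts
# (SYN set, ACK clear). This is the pf.conf equivalent of a logging rule with
# TCP flags "SYN" selected in the Set row of the GUI.
block in log on $wan proto tcp from any to ($wan) flags S/SA
```

Because the SYN-logging rule comes after the plain `block in on $wan` and neither uses `quick`, a TCP SYN matches the later, logging rule while every other inbound packet (including the UDP noise) falls through to the silent block. Check the result with `pfctl -vnf /etc/pf.conf` before loading it.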
I use a Zyxel 2XW, and in the Firewall screen I pick the packet direction as WAN to WAN and block all TCP/UDP ports from 1-65535. Log the hits and see what happens to your log file. It will fill up quickly.
-
^ What??? Did you read the thread?