Netgate Discussion Forum

    UDP blocked on WAN ?

    7 Posts 5 Posters 2.9k Views
      Oniric

      Hello everyone,

      I don't understand why, but it seems that by default some UDP packets are dropped by the firewall:

      block/1000000103  Mar 21 20:34:44  WAN  120.24.76.167:2837   MON_IP_WAN:50905  UDP
      block/1000000103  Mar 21 20:34:44  WAN  115.29.178.199:3437  MON_IP_WAN:37909  UDP
      block/1000000103  Mar 21 20:34:44  WAN  50.7.44.82:30658     MON_IP_WAN:40430  UDP
      block/1000000103  Mar 21 20:34:04  WAN  120.24.76.167:2837   MON_IP_WAN:50905  UDP
      

      Does someone have an explanation?

      It seems some rules go OK when the routing is made to my LAN IP, but when it's only routed to my WAN_IP it's blocked …
      It never happens with TCP, only with UDP.

      Here is my release:
      2.2.6-RELEASE (amd64)
      built on Mon Dec 21 14:50:08 CST 2015
      FreeBSD 10.1-RELEASE-p25

        mer

        Those are likely the default block rule, basically dropping the packets because there is no state for them.

        By definition TCP has state, the pf code creates state for UDP traffic that it knows about (originated from your LAN or the pfSense box itself).

        1 Reply Last reply Reply Quote 0
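
A simplified model of the state matching mer describes above, as an added example that is not part of the original post and is not pf's own code. The addresses, ports, class name and the WAN pass rule are constructed, and treating `1000000103` as the default deny rule follows mer's "likely" and is an assumption.

```python
from collections import namedtuple

# Simplified model for illustration; real pf also tracks timeouts, NAT and TCP flags.
Packet = namedtuple("Packet", "proto src sport dst dport")
DEFAULT_DENY = "block/1000000103"  # label from the thread's log, assumed to be the default deny rule


class StatefulFilter:
    def __init__(self, wan_pass_rules=()):
        self.states = set()                        # flows the firewall has already allowed
        self.wan_pass_rules = set(wan_pass_rules)  # (proto, dport) explicitly passed on WAN

    def outbound(self, pkt):
        """Traffic from the LAN or the firewall itself: pass and create state."""
        self.states.add(pkt)
        return "pass"

    def inbound(self, pkt):
        """Traffic arriving on WAN: state match first, then rules, then default deny."""
        reply_of = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_of in self.states:
            return "pass (state)"
        if (pkt.proto, pkt.dport) in self.wan_pass_rules:
            self.states.add(reply_of)  # later packets of this flow now match state
            return "pass (rule)"
        return DEFAULT_DENY


def demo():
    wan = "203.0.113.10"        # constructed WAN address (documentation range)
    resolver = "198.51.100.53"  # constructed remote hosts
    stranger = "198.51.100.77"
    fw = StatefulFilter(wan_pass_rules={("udp", 1194)})   # hypothetical WAN pass rule
    fw.outbound(Packet("udp", wan, 40001, resolver, 53))  # DNS query leaving via WAN
    return {
        "dns_reply": fw.inbound(Packet("udp", resolver, 53, wan, 40001)),
        "unsolicited": fw.inbound(Packet("udp", stranger, 2837, wan, 50905)),
        "wrong_port": fw.inbound(Packet("udp", resolver, 53, wan, 40002)),
        "allowed_service": fw.inbound(Packet("udp", stranger, 5000, wan, 1194)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {verdict}")
```

Only the reply to the flow the firewall itself saw leaving is passed on state; the unsolicited packet and the reply to a port that was never used fall through to the default deny and are what show up in the log.
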
          johnpoz LAYER 8 Global Moderator

          So you're seeing NOISE and wondering why it's blocked??  Yeah, there is a lot of UDP noise on the internet..  If you don't want to see it, then turn off your default block.  If you're just interested in TCP then create your own rule that logs TCP.  I just log TCP SYN packets to my WAN IP..

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

            whitexp

            @johnpoz:

            So you're seeing NOISE and wondering why it's blocked??  Yeah, there is a lot of UDP noise on the internet..  If you don't want to see it, then turn off your default block.  If you're just interested in TCP then create your own rule that logs TCP.  I just log TCP SYN packets to my WAN IP..

            How do I do it?

              mer

              From the web interface: Status, System Logs, Settings.  Look for the section "Log Firewall Default Blocks" and uncheck whatever is checked, then click the Save button at the bottom.  That will turn off logging for the default block rules.
              The other part: Firewall, Rules, add one for whatever interface you want or Floating, check "Log Packets handled by this rule", scroll down further to the Advanced Features, TCP flags, and click on SYN in the Set.

                Kryzen

                I use a Zyxel 2XW and in the Firewall screen I pick packet direction as WAN to WAN and block all TCP/UDP ports from 1-65535.  Log the hits and see what happens to your log file.  It will fill up quickly.

                Bikram Singh Majithia

                  johnpoz LAYER 8 Global Moderator

                  ^ What???  Did you read the thread?
