IPv4 Link Local Blocked in 2.2
-
I just upgraded my home box from 2.1.5 to 2.2-BETA (amd64) built on Fri Oct 24 12:17:25 CDT 2014.
I have a MoCA adapter on my OPT1 interface which is dedicated to our two Verizon FiOS TV boxes. The network created by the MoCA devices sends out constant link local broadcasts to the router and in 2.1.5 I would create firewall rules to allow this traffic on the OPT1 interface so the Firewall log is not flooded with blocks every 2 seconds. I understand that IPv4 Link Local is blocked in 2.2 per https://redmine.pfsense.org/issues/2073. I don't think the blocking creates any issues for the FiOS TV MoCA network but it has created the problem with the firewall log being flooded with the blocks. Would it be acceptable to silently block the IPv4 traffic so it is not logged? Is this something I can accomplish with settings or a rule?
Sample of Firewall Log blocks:
Oct 25 10:04:55 OPT1_TV 169.254.1.87:34174 169.254.1.255:5000 UDP
Oct 25 10:04:54 OPT1_TV 169.254.1.246:7500 169.254.1.255:7500 UDP
Oct 25 10:04:50 OPT1_TV 169.254.1.246:21302 255.255.255.255:21302 UDP
Oct 25 10:04:48 OPT1_TV 169.254.1.246:42691 169.254.1.255:5000 UDP
Oct 25 10:04:44 OPT1_TV 169.254.1.246:7500 169.254.1.255:7500 UDP
Oct 25 10:04:39 OPT1_TV 169.254.1.246:21302 255.255.255.255:21302 UDP
Oct 25 10:04:38 OPT1_TV 169.254.1.87:34174 169.254.1.255:5000 UDP
Oct 25 10:04:34 OPT1_TV 169.254.1.246:7500 169.254.1.255:7500 UDP
Oct 25 10:04:33 OPT1_TV 169.254.1.246:42691 169.254.1.255:5000 UDP
Oct 25 10:04:29 OPT1_TV 169.254.1.246:21302 255.255.255.255:21302 UDP
Oct 25 10:04:24 OPT1_TV 169.254.1.246:7500 169.254.1.255:7500 UDP
Oct 25 10:04:23 OPT1_TV 169.254.1.87:34174 169.254.1.255:5000 UDP
Oct 25 10:04:19 OPT1_TV 169.254.1.246:21302 255.255.255.255:21302 UDP
Oct 25 10:04:17 OPT1_TV 169.254.1.246:42691 169.254.1.255:5000 UDP
Oct 25 10:04:14 OPT1_TV 169.254.1.246:7500 169.254.1.255:7500 UDP
-
That is controlled from Status->System Logs, Settings tab. Uncheck "Log packets matched from the default block rules put in the ruleset".
That turns off all that sort of logging. (I checked in my /tmp/rules.debug and it does apply to the link-local block as well as other generic default block rules)
If you want to log other default block rule/s then you just put actual block rules of your own at the end of your rule set with logging on for only the things you want to see logged.
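Before unchecking that setting it is worth confirming that the noise really is IPv4 link-local / limited-broadcast chatter and that nothing else is hiding in the same stream, since disabling default-rule logging silences every default block, not just the 169.254.0.0/16 one. The script below is an added example, not part of the original thread or of pfSense: it parses firewall-log lines in the "Mon DD HH:MM:SS IFACE SRC:PORT DST:PORT PROTO" layout quoted above, buckets each blocked flow, and lists the flows that would disappear from the log. The sample input is constructed (the first four lines are copied from the post, the last one is a made-up non-link-local entry added to show what should stay visible).

```python
"""Summarise pfSense firewall-log block entries by address class.

Added example (not from the original thread): before turning off logging for
the default block rules, check that the noise is IPv4 link-local / limited-
broadcast traffic and nothing else is hiding in it.
"""
import ipaddress
from collections import Counter

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed sample in the same layout as the log excerpt in the question.
# The first four lines are from the post; the last line is made up to show a
# flow that should keep being logged.
SAMPLE_LOG = """\
Oct 25 10:04:55 OPT1_TV 169.254.1.87:34174 169.254.1.255:5000 UDP
Oct 25 10:04:54 OPT1_TV 169.254.1.246:7500 169.254.1.255:7500 UDP
Oct 25 10:04:50 OPT1_TV 169.254.1.246:21302 255.255.255.255:21302 UDP
Oct 25 10:04:48 OPT1_TV 169.254.1.246:42691 169.254.1.255:5000 UDP
Oct 25 10:04:47 OPT1_TV 10.0.5.23:44321 203.0.113.9:23 TCP
"""


def parse_line(line):
    """Return (iface, src_ip, src_port, dst_ip, dst_port, proto), or None when
    the line does not match the expected seven-field layout."""
    parts = line.split()
    if len(parts) != 7:
        return None
    _mon, _day, _time, iface, src, dst, proto = parts
    try:
        src_ip, src_port = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        return (iface, ipaddress.ip_address(src_ip), int(src_port),
                ipaddress.ip_address(dst_ip), int(dst_port), proto)
    except ValueError:
        return None


def classify(src_ip, dst_ip):
    """Bucket a flow: 'link-local' if either end is in 169.254.0.0/16,
    'limited-broadcast' if sent to 255.255.255.255 from a non-link-local
    source, otherwise 'other' (the kind you still want to see logged)."""
    if src_ip in LINK_LOCAL or dst_ip in LINK_LOCAL:
        return "link-local"
    if dst_ip == LIMITED_BROADCAST:
        return "limited-broadcast"
    return "other"


def summarize(log_text):
    """Count blocked entries per (interface, bucket) and collect the 'other'
    flows that would vanish if default-rule logging were disabled."""
    counts = Counter()
    other_flows = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed or unrelated lines
        iface, src_ip, src_port, dst_ip, dst_port, proto = parsed
        bucket = classify(src_ip, dst_ip)
        counts[(iface, bucket)] += 1
        if bucket == "other":
            other_flows.append(
                f"{iface} {src_ip}:{src_port} -> {dst_ip}:{dst_port} {proto}")
    return counts, other_flows


if __name__ == "__main__":
    counts, others = summarize(SAMPLE_LOG)
    for (iface, bucket), n in sorted(counts.items()):
        print(f"{iface:10s} {bucket:18s} {n}")
    if others:
        print("Flows that would disappear from the log if default-rule "
              "logging is turned off:")
        for flow in others:
            print("  " + flow)
```

If the "other" list is non-empty on your real log, that is the traffic to cover with your own block rules with logging enabled at the end of the rule set, as the reply suggests, so only those blocks keep showing up after the global setting is unchecked.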
-
Thank you. That works!