WAN traffic passed on ports that are not open
-
I periodically check my firewall rules and noticed something concerning today. Over the span of 19 seconds I have 18 entries in my Firewall Log for Passed traffic on the WAN interface. The only 2 ports I have open on my WAN interface are OpenVPN and 8082 for Let's Encrypt validation, and these ports aren't in the list of ports where traffic was passed. I'm not sure what Rule @4294967295 is referring to. I searched for the IP address in the screenshot below and it's showing up in multiple blacklists, so this is bothering me even more. I have "Log firewall default blocks" disabled, so I'm used to my firewall logs being fairly empty. When, at a glance, I saw entries in it I was curious, and then when I saw it was Passed traffic I was in a bit of a panic. I checked the States table and filtered by the IP in the screenshot below and there were no results, but it was a few hours after the logged timestamp that I found all this.
I have pfBlockerNG running with GeoIP blocking the Top 20 and the basic DNSBL configurations.
[Edit] I've also done external NMAP scans of the ports listed here and they show as closed. I'm also running version 2.4.4-RELEASE-p3.
Does anyone have any ideas, or should I post this on another topic board?
-
@Drusher said in WAN traffic passed on ports that are not open:
@4294967295
same as
https://forum.netgate.com/topic/147248/had-my-pfsense-been-compromised/31