• Hi

    I am new to this forum and to pfSense.  I have searched the forum and not found the information Iam after so hoping someone can comment.

    I have just moved from a Draytek 2960 to pfSense box.  The installation went smoothly with no issues.

    ADSL2 connection to Draytek 130 modem (the 130 is configured to bridge/pass through mode),  Draytek 130 connected to pfSense box  (pfSense running PPPOE on WAN interface,  I also have a static ip from my ISP which gets assigned when the pfSense box connects)
    The pfSense box is configured just with default settings block all in and allow all out.  I have internet seems to work as its ment to.

    1. Looking at the firewall logs I see its blocking external IP address (as it should) however the volume seems high compared to when the Draytek router was in place.  pfSense shows about 4+ per minute.  When the Draytek was in place I use to get maybe 5 - 10 a day.  Is this normal as it does not seem right.

    2.  I also notices in the firewall logs that the WAN interface (em0) is all broadcasting every 10 seconds as follows Interface: em0 Source: xxxx port Destination: port 4944 (always same port for destination)  I think this is DHCP broadcast but not sure why it does it.  Can this be turned off as it creates a lot of noise in the firewall logs and not sure why its doing it.

    Any thoughts/comments would be appreciated.


  • 4 per minute is nothing. I was getting several per second before I turned off logging on the default block rule.

    With my 100Mb connection, I could scan the entire Internet in about 1.5 hours. During that scan I will have hit you at least once. Over the period of the day, I will have hit you almost 16 times. That's one computer. There are hundreds and thousands of compromised computers constantly scanning. If it was showing 5-10 per day, then it wasn't showing you everything.