Strange firewall behavior with latest snapshot

hessie

My Firewall log shows this since updating:

Aug 15 07:02:31 WAN 10.127.128.1:67 255.255.255.255:68 UDP
Aug 15 07:02:31 WAN 10.127.128.1:67 255.255.255.255:68 UDP
Aug 15 07:02:27 WAN 10.127.128.1:67 255.255.255.255:68 UDP
Aug 15 07:02:27 WAN 10.127.128.1:67 255.255.255.255:68 UDP
Aug 15 07:02:24 WAN 10.127.128.1:67 255.255.255.255:68 UDP
Aug 15 07:02:24 WAN 10.127.128.1:67 255.255.255.255:68 UDP
Aug 15 07:02:22 WAN 10.127.128.1:67 255.255.255.255:68 UDP
Aug 15 07:02:12 WAN 10.127.128.1:67 255.255.255.255:68 UDP
Aug 15 07:02:12 WAN 10.127.128.1:67 255.255.255.255:68 UDP
Aug 15 07:02:10 WAN 10.127.128.1:67 255.255.255.255:68 UDP
Aug 15 07:02:07 WAN 10.127.128.1:67 255.255.255.255:68 UDP
Aug 15 07:02:07 WAN 10.127.128.1:67 255.255.255.255:68 UDP

The FW blocks that, though I got no host with 10.127.128.1 running…

Gertjan

Seems you receive packets from the DHCP protocol (from port 67 => to 68) on your WAN interface.

I think you can live with this…. harmless.

cmb

That's always been there I'm sure, there was a stray rule that didn't do anything with that traffic but didn't drop it either that's been removed, so it's now being logged as blocked.

It's just noise, I'd add a block rule on the WAN for destination 255.255.255.255 with no logging to get rid of the log noise.

hessie

Thanks for the tip, that did the trick, the "noise" is gone

AhnHEL

This doesnt really work if you have Block Private Networks checked in Interfaces: WAN as it becomes your top most rule and automatically logs the traffic