    Rule to Block Logging of Traffic to x.x.x.255?

    • beremonavabi

      According to my firewall log, about every minute I get two instances of a local computer sending traffic across the subnet from port 21327 to x.x.x.255 – one to port 21327 and the other to port 21328.  It looks like my rule to allow only certain ports is picking that up.  I can't find anything specifying what might be using those ports.  On the assumption the traffic really should remain blocked, what would the rule look like to specifically do so?  I could make the rule non-blocking and place it above my "allow only certain ports" rule to stop cluttering up the log.

      EDIT:  After more research, I finally found a reference to those ports.  UDP 21327 and 21328 are used by SpiderOakONE for LAN Sync.  So, it looks like I need to add them to my safe port alias.

      • jimp (Rebel Alliance Developer Netgate)

        That would be broadcast traffic inside the same segment. It doesn't matter if the firewall passes or blocks that; it has no bearing on what happens to the traffic, as the switch has already delivered it to everyone on that network.

        Pass or block without logging, your choice, it's only log spam at that point.

        • beremonavabi

          Yep.  When I thought it was supposed to be blocked, I just wanted a rule so I could turn off the logging of that.  I want logging on my "allow only certain ports" rule, so I didn't want to turn that logging off.  But, since the traffic was legitimate and I let those ports through, I'm ok, now.
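
The point made in this thread, as an added example that is not part of any post: a script that separates same-segment broadcast entries (the "log spam") from the firewall log entries still worth reviewing. The LAN subnet, the rule and tracker numbers, and the log lines are constructed, and the comma-separated field positions are an assumption based on the IPv4 layout of pfSense's raw filter log.

```python
import ipaddress
from collections import Counter

# Assumed LAN subnet (constructed; the thread only gives x.x.x.255).
LAN = ipaddress.ip_network("192.168.1.0/24")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed log lines in the assumed raw filterlog IPv4 layout:
# rule,subrule,anchor,tracker,iface,reason,action,dir,ipver,tos,ecn,ttl,
# id,offset,flags,protoid,proto,length,src,dst,sport,dport,...
SAMPLE = """\
5,,,1000000103,igb1,match,block,in,4,0x0,,64,4021,0,none,17,udp,78,192.168.1.20,192.168.1.255,21327,21327,58
5,,,1000000103,igb1,match,block,in,4,0x0,,64,4022,0,none,17,udp,78,192.168.1.20,192.168.1.255,21327,21328,58
5,,,1000000103,igb1,match,block,in,4,0x0,,64,4100,0,none,17,udp,60,192.168.1.31,203.0.113.9,50112,4444,32
5,,,1000000103,igb1,match,block,in,4,0x0,,128,911,0,DF,6,tcp,52,192.168.1.31,198.51.100.7,50200,8443,0,S,123456,,64240,,mss
"""

def parse(line):
    """Return the fields of interest for an IPv4 TCP/UDP entry, else None."""
    f = line.strip().split(",")
    if len(f) < 22 or f[8] != "4" or f[16] not in ("udp", "tcp"):
        return None
    return {
        "action": f[6],
        "proto": f[16],
        "src": ipaddress.ip_address(f[18]),
        "dst": ipaddress.ip_address(f[19]),
        "dport": int(f[21]),
    }

def split_broadcast_noise(lines, lan=LAN):
    """Count same-segment broadcast entries per (proto, dport); keep the rest."""
    noise, keep = Counter(), []
    for line in lines:
        entry = parse(line)
        if entry is None:
            continue
        is_broadcast = entry["dst"] in (lan.broadcast_address, LIMITED_BROADCAST)
        if entry["src"] in lan and is_broadcast:
            # The switch already delivered this frame to every host on the
            # segment; the firewall's verdict only affects the log.
            noise[(entry["proto"], entry["dport"])] += 1
        else:
            keep.append(entry)
    return noise, keep

if __name__ == "__main__":
    noise, keep = split_broadcast_noise(SAMPLE.splitlines())
    print("broadcast noise by port:", dict(noise))
    print("entries still worth reviewing:", len(keep))
```

The ports that show up in the noise counter are the candidates for a pass or block rule with logging turned off, placed above the logged "allow only certain ports" rule.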
