Rule to Block Logging of Traffic to x.x.x.255?
-
According to my firewall log, about every minute I get two instances of a local computer sending traffic across the subnet from port 21327 to x.x.x.255 – one to port 21327 and the other to port 21328. It looks like my rule to allow only certain ports is picking that up. I can't find anything specifying what might be using those ports. On the assumption the traffic really should remain blocked, what would the rule look like to specifically do so? I could make the rule non-blocking and place it above my "allow only certain ports" rule to stop cluttering up the log.
EDIT: After more research, I finally found a reference to those ports. UDP 21327 and 21328 are used by SpiderOakONE for LAN Sync. So, it looks like I need to add them to my safe port alias.
-
That would be broadcast traffic inside the same segment. It doesn't matter if the firewall passes or blocks that, it has no bearing on what happens to the traffic as the switch has already delivered it to everyone on that network.
Pass or block without logging, your choice, it's only log spam at that point.
-
Yep. When I thought it was supposed to be blocked, I just wanted a rule so I could turn off the logging of that. I want logging on my "allow only certain ports" rule, so I didn't want to turn that logging off. But, since the traffic was legitimate and I let those ports through, I'm ok, now.
