Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Newbie moving forwards with firewall (slowly)

    Firewalling
    2
    2
    479
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      voxmagna1 last edited by

      Can somebody explain firewall logs on my simple home network? My pfsense box is working for openVPN with transparent DNS, squid cache and I've got rules to open the standard IPV4 ports for browsing, email and ftp. Even learned about ports alias!

      In windows I've disable IPV6 but I'm seeing IPV6 port 53 (DNS) blockages, port 53 is open for IPV4?  I realize I've got to do something about Netbios ports since these are required for local file sharing? But am I right thinking I only allow Netbios calls within the LAN and not outside to the internet?

      I have a huge amount to learn, but any help to move forwards would be appreciated. If there is a repository of sample pfsense firewall setups somewhere, that would help me a lot because most of what I try stops something working. Most basic needs are 'working', but I'm assuming I shouldn't see firewall repeated blockages.

      Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:41109 [2610:1c1:3::108]:53 UDP
      Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:37742 [2610:160:11:3::6]:53 UDP
      Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:35655 [2610:1c1:3::108]:53 UDP
      Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:34218 [2610:160:11:3::6]:53 UDP
      Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:24041 [2610:160:11:3::6]:53 UDP
      Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:57654 [2610:160:11:3::6]:53 UDP
      Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:36874 [2001:502:1ca1::30]:53 UDP
      Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:48140 [2001:500:b::1]:53 UDP
      Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:31852 [2001:500:c::1]:53 UDP
      Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:39149 [2001:500:b::1]:53 UDP
      Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:51395 [2001:500:b::1]:53 UDP
      Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:54839 [2001:500:b::1]:53 UDP
      Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:60536 [2001:500:e::1]:53 UDP
      Jun 17 12:39:29 ► WAN [fe80::20e:c4ff:fed0:5164]:31977 [2600:1480:1::c1]:53 UDP
      Jun 17 12:39:29 ► WAN [fe80::20e:c4ff:fed0:5164]:29306 [2600:1480:1::c1]:53 UDP
      Jun 17 12:39:29 ► WAN [fe80::20e:c4ff:fed0:5164]:57370 [2600:1480:1::c1]:53 UDP
      Jun 17 12:39:21 WAN 24.43.226.115:58694 80.234.159.124:3389 TCP:S
      Jun 17 12:38:17 WAN 51.15.66.119:5328 80.234.159.124:5065 UDP
      Jun 17 12:37:16 ► WAN [fe80::20e:c4ff:fed0:5164] [2a00:1450:4009:815::200e] ICMPv6
      Jun 17 12:36:39 ► WAN [fe80::20e:c4ff:fed0:5164]:63913 [2001:503:a83e::2:30]:53 UDP
      Jun 17 12:36:39 ► WAN [fe80::20e:c4ff:fed0:5164]:51434 [2001:500:856e::30]:53 UDP
      Jun 17 12:36:39 ► WAN [fe80::20e:c4ff:fed0:5164]:57692 [2001:500:856e::30]:53 UDP
      Jun 17 12:36:29 LAN 192.168.1.6:39053 178.79.152.182:123 UDP
      Jun 17 12:36:13 WAN 39.109.9.4:42686 80.234.159.124:1433 TCP:S
      Jun 17 12:36:13 WAN 195.154.231.2:5072 80.234.159.124:5060 UDP
      Jun 17 12:36:10 LAN 192.168.1.6:57530 178.79.152.182:123 UDP
      Jun 17 12:36:01 ► WAN [fe80::20e:c4ff:fed0:5164]:59999 [2600:1480:e800::c0]:53 UDP
      Jun 17 12:36:01 ► WAN [fe80::20e:c4ff:fed0:5164]:25113 [2600:1480:e800::c0]:53 UDP
      Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:43196 [2600:1406:32::c1]:53 UDP
      Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:13283 [2600:1406:32::c1]:53 UDP
      Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:36575 [2600:1408:1c::43]:53 UDP
      Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:43479 [2600:1401:1::43]:53 UDP
      Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:50998 [2600:1401:2::43]:53 UDP
      Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:61651 [2600:1408:1c::43]:53 UDP
      Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:3693 [2600:1480:b000::43]:53 UDP
      Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:20353 [2600:1408:1c::43]:53 UDP
      Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:28896 [2600:1406:32::43]:53 UDP
      Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:57916 [2600:1401:1::43]:53 UDP
      Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:9307 [2600:1401:2::43]:53 UDP
      Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:60145 [2a02:26f0:117::43]:53 UDP
      Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:51847 [2600:1480:1::43]:53 UDP
      Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:14724 [2600:1401:2::f0]:53 UDP
      Jun 17 12:34:44 WAN 218.72.50.250:19608 80.234.159.124:1433 TCP:S
      Jun 17 12:34:39 WAN 183.95.219.70:33421 80.234.159.124:22 TCP:S
      Jun 17 12:34:31 WAN 121.41.126.147:51781 80.234.159.124:445 TCP:S
      Jun 17 12:33:32 ► WAN [fe80::20e:c4ff:fed0:5164]:39954 [2401:fd80:400::1]:53 UDP
      Jun 17 12:33:32 ► WAN [fe80::20e:c4ff:fed0:5164]:42657 [2001:8d8:fe:53:0:d9a0:53c8:100]:53 UDP
      Jun 17 12:33:32 ► WAN [fe80::20e:c4ff:fed0:5164]:46490 [2001:8d8:fe:53:0:d9a0:52c8:100]:53 UDP
      Jun 17 12:33:14 WAN 80.82.70.26:53601 80.234.159.124:23 TCP:S
      Jun 17 12:32:32 LAN 192.168.1.6:52416 213.251.53.217:123 UDP
      Jun 17 12:32:13 LAN 192.168.1.6:43223 213.251.53.217:123 UDP
      Jun 17 12:32:12 ovpnc1 199.19.53.1:53 10.68.10.6:10856 UDP
      Jun 17 12:32:12 ovpnc1 199.19.53.1 10.68.10.6 UDP
      Jun 17 12:32:12 ► WAN [fe80::20e:c4ff:fed0:5164]:27316 [2a02:2290:2:48::73]:53 UDP
      Jun 17 12:31:19 ► WAN [fe80::20e:c4ff:fed0:5164] [2a00:1450:4009:815::200e] ICMPv6
      Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164] [2a02:1788:2fd::b2ff:5301] ICMPv6
      Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:8198 [2a02:1788:0:200::5bd1:c404]:53 UDP
      Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:39567 [2600:9000:5304:2600::1]:53 UDP
      Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:43930 [2600:9000:5305:cf00::1]:53 UDP
      Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:35490 [2600:9000:5307:1000::1]:53 UDP
      Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:30209 [2600:9000:5303:8c00::1]:53 UDP
      Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:50927 [2600:9000:5303:8c00::1]:53 UDP
      Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:51314 [2600:9000:5303:8c00::1]:53 UDP
      Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:37673 [2600:9000:5307:1000::1]:53 UDP
      Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:8357 [2600:9000:5301:4c00::1]:53 UDP
      Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:52495 [2600:9000:5300:a300::1]:53 UDP
      Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:43883 [2600:9000:5302:e500::1]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:50120 [2600:9000:5302:6700::1]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:51258 [2600:9000:5304:2600::1]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:10289 [2600:9000:5304:2600::1]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:39634 [2001:503:231d::2:30]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:9908 [2001:503:231d::2:30]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:52682 [2001:502:7094::30]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:58375 [2001:503:231d::2:30]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:39205 [2401:fd80:404::1]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:57493 [2401:fd80:404::1]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:40864 [2001:502:ad09::3]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:37314 [2a01:618:404::1]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:15427 [2401:fd80:404::1]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:49961 [2600:9000:5300:a300::1]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:25858 [2600:9000:5306:6300::1]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:24965 [2600:9000:5302:5600::1]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:44905 [2600:9000:5304:e700::1]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:13288 [2001:500:856e::30]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:14664 [2001:503:231d::2:30]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:56162 [2001:503:a83e::2:30]:53 UDP
      Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:13587 [2001:503:231d::2:30]:53 UDP
      Jun 17 12:30:52 LAN 192.168.1.3:1177 67.215.92.210:1 TCP:S
      Jun 17 12:30:46 LAN 192.168.1.3:1177 67.215.92.210:1 TCP:S
      Jun 17 12:30:43 LAN 192.168.1.3:1177 67.215.92.210:1 TCP:S
      Jun 17 12:30:43 LAN 192.168.1.3:137 192.168.1.255:137 UDP
      Jun 17 12:30:42 LAN 192.168.1.3:137 192.168.1.255:137 UDP
      Jun 17 12:30:41 LAN 192.168.1.3:137 192.168.1.255:137 UDP
      Jun 17 12:30:39 LAN 192.168.1.3:137 192.168.1.255:137 UDP
      Jun 17 12:30:39 LAN 192.168.1.3:137 192.168.1.255:137 UDP
      Jun 17 12:30:38 LAN 192.168.1.3:137 192.168.1.255:137 UDP
      Jun 17 12:30:38 LAN 192.168.1.3:138 192.168.1.255:138        UDP

      1 Reply Last reply Reply Quote 0
      • P
        pfBasic Banned last edited by

        If you don't use IPv6 on your network then IMO the best way to clear your logs of IPv6 noise is to allow it in pfSense (System / Advanced / Networking) then create a quick floating rule to block all IPv6 without logging it.

        Or you can block it in pfSense and choose not to log default rules (Status / System Logs / Settings).

        Either way works just depends on what you want to see in your logs.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post