4. Newbie moving forwards with firewall (slowly)

Newbie moving forwards with firewall (slowly)

  • V

    Can somebody explain firewall logs on my simple home network? My pfsense box is working for openVPN with transparent DNS, squid cache and I've got rules to open the standard IPV4 ports for browsing, email and ftp. Even learned about ports alias!

    In windows I've disable IPV6 but I'm seeing IPV6 port 53 (DNS) blockages, port 53 is open for IPV4?  I realize I've got to do something about Netbios ports since these are required for local file sharing? But am I right thinking I only allow Netbios calls within the LAN and not outside to the internet?

    I have a huge amount to learn, but any help to move forwards would be appreciated. If there is a repository of sample pfsense firewall setups somewhere, that would help me a lot because most of what I try stops something working. Most basic needs are 'working', but I'm assuming I shouldn't see firewall repeated blockages.

    Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:41109 [2610:1c1:3::108]:53 UDP
    Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:37742 [2610:160:11:3::6]:53 UDP
    Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:35655 [2610:1c1:3::108]:53 UDP
    Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:34218 [2610:160:11:3::6]:53 UDP
    Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:24041 [2610:160:11:3::6]:53 UDP
    Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:57654 [2610:160:11:3::6]:53 UDP
    Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:36874 [2001:502:1ca1::30]:53 UDP
    Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:48140 [2001:500:b::1]:53 UDP
    Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:31852 [2001:500:c::1]:53 UDP
    Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:39149 [2001:500:b::1]:53 UDP
    Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:51395 [2001:500:b::1]:53 UDP
    Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:54839 [2001:500:b::1]:53 UDP
    Jun 17 12:39:55 ► WAN [fe80::20e:c4ff:fed0:5164]:60536 [2001:500:e::1]:53 UDP
    Jun 17 12:39:29 ► WAN [fe80::20e:c4ff:fed0:5164]:31977 [2600:1480:1::c1]:53 UDP
    Jun 17 12:39:29 ► WAN [fe80::20e:c4ff:fed0:5164]:29306 [2600:1480:1::c1]:53 UDP
    Jun 17 12:39:29 ► WAN [fe80::20e:c4ff:fed0:5164]:57370 [2600:1480:1::c1]:53 UDP
    Jun 17 12:39:21 WAN 24.43.226.115:58694 80.234.159.124:3389 TCP:S
    Jun 17 12:38:17 WAN 51.15.66.119:5328 80.234.159.124:5065 UDP
    Jun 17 12:37:16 ► WAN [fe80::20e:c4ff:fed0:5164] [2a00:1450:4009:815::200e] ICMPv6
    Jun 17 12:36:39 ► WAN [fe80::20e:c4ff:fed0:5164]:63913 [2001:503:a83e::2:30]:53 UDP
    Jun 17 12:36:39 ► WAN [fe80::20e:c4ff:fed0:5164]:51434 [2001:500:856e::30]:53 UDP
    Jun 17 12:36:39 ► WAN [fe80::20e:c4ff:fed0:5164]:57692 [2001:500:856e::30]:53 UDP
    Jun 17 12:36:29 LAN 192.168.1.6:39053 178.79.152.182:123 UDP
    Jun 17 12:36:13 WAN 39.109.9.4:42686 80.234.159.124:1433 TCP:S
    Jun 17 12:36:13 WAN 195.154.231.2:5072 80.234.159.124:5060 UDP
    Jun 17 12:36:10 LAN 192.168.1.6:57530 178.79.152.182:123 UDP
    Jun 17 12:36:01 ► WAN [fe80::20e:c4ff:fed0:5164]:59999 [2600:1480:e800::c0]:53 UDP
    Jun 17 12:36:01 ► WAN [fe80::20e:c4ff:fed0:5164]:25113 [2600:1480:e800::c0]:53 UDP
    Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:43196 [2600:1406:32::c1]:53 UDP
    Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:13283 [2600:1406:32::c1]:53 UDP
    Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:36575 [2600:1408:1c::43]:53 UDP
    Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:43479 [2600:1401:1::43]:53 UDP
    Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:50998 [2600:1401:2::43]:53 UDP
    Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:61651 [2600:1408:1c::43]:53 UDP
    Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:3693 [2600:1480:b000::43]:53 UDP
    Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:20353 [2600:1408:1c::43]:53 UDP
    Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:28896 [2600:1406:32::43]:53 UDP
    Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:57916 [2600:1401:1::43]:53 UDP
    Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:9307 [2600:1401:2::43]:53 UDP
    Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:60145 [2a02:26f0:117::43]:53 UDP
    Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:51847 [2600:1480:1::43]:53 UDP
    Jun 17 12:35:01 ► WAN [fe80::20e:c4ff:fed0:5164]:14724 [2600:1401:2::f0]:53 UDP
    Jun 17 12:34:44 WAN 218.72.50.250:19608 80.234.159.124:1433 TCP:S
    Jun 17 12:34:39 WAN 183.95.219.70:33421 80.234.159.124:22 TCP:S
    Jun 17 12:34:31 WAN 121.41.126.147:51781 80.234.159.124:445 TCP:S
    Jun 17 12:33:32 ► WAN [fe80::20e:c4ff:fed0:5164]:39954 [2401:fd80:400::1]:53 UDP
    Jun 17 12:33:32 ► WAN [fe80::20e:c4ff:fed0:5164]:42657 [2001:8d8:fe:53:0:d9a0:53c8:100]:53 UDP
    Jun 17 12:33:32 ► WAN [fe80::20e:c4ff:fed0:5164]:46490 [2001:8d8:fe:53:0:d9a0:52c8:100]:53 UDP
    Jun 17 12:33:14 WAN 80.82.70.26:53601 80.234.159.124:23 TCP:S
    Jun 17 12:32:32 LAN 192.168.1.6:52416 213.251.53.217:123 UDP
    Jun 17 12:32:13 LAN 192.168.1.6:43223 213.251.53.217:123 UDP
    Jun 17 12:32:12 ovpnc1 199.19.53.1:53 10.68.10.6:10856 UDP
    Jun 17 12:32:12 ovpnc1 199.19.53.1 10.68.10.6 UDP
    Jun 17 12:32:12 ► WAN [fe80::20e:c4ff:fed0:5164]:27316 [2a02:2290:2:48::73]:53 UDP
    Jun 17 12:31:19 ► WAN [fe80::20e:c4ff:fed0:5164] [2a00:1450:4009:815::200e] ICMPv6
    Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164] [2a02:1788:2fd::b2ff:5301] ICMPv6
    Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:8198 [2a02:1788:0:200::5bd1:c404]:53 UDP
    Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:39567 [2600:9000:5304:2600::1]:53 UDP
    Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:43930 [2600:9000:5305:cf00::1]:53 UDP
    Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:35490 [2600:9000:5307:1000::1]:53 UDP
    Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:30209 [2600:9000:5303:8c00::1]:53 UDP
    Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:50927 [2600:9000:5303:8c00::1]:53 UDP
    Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:51314 [2600:9000:5303:8c00::1]:53 UDP
    Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:37673 [2600:9000:5307:1000::1]:53 UDP
    Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:8357 [2600:9000:5301:4c00::1]:53 UDP
    Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:52495 [2600:9000:5300:a300::1]:53 UDP
    Jun 17 12:31:18 ► WAN [fe80::20e:c4ff:fed0:5164]:43883 [2600:9000:5302:e500::1]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:50120 [2600:9000:5302:6700::1]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:51258 [2600:9000:5304:2600::1]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:10289 [2600:9000:5304:2600::1]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:39634 [2001:503:231d::2:30]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:9908 [2001:503:231d::2:30]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:52682 [2001:502:7094::30]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:58375 [2001:503:231d::2:30]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:39205 [2401:fd80:404::1]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:57493 [2401:fd80:404::1]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:40864 [2001:502:ad09::3]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:37314 [2a01:618:404::1]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:15427 [2401:fd80:404::1]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:49961 [2600:9000:5300:a300::1]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:25858 [2600:9000:5306:6300::1]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:24965 [2600:9000:5302:5600::1]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:44905 [2600:9000:5304:e700::1]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:13288 [2001:500:856e::30]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:14664 [2001:503:231d::2:30]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:56162 [2001:503:a83e::2:30]:53 UDP
    Jun 17 12:31:17 ► WAN [fe80::20e:c4ff:fed0:5164]:13587 [2001:503:231d::2:30]:53 UDP
    Jun 17 12:30:52 LAN 192.168.1.3:1177 67.215.92.210:1 TCP:S
    Jun 17 12:30:46 LAN 192.168.1.3:1177 67.215.92.210:1 TCP:S
    Jun 17 12:30:43 LAN 192.168.1.3:1177 67.215.92.210:1 TCP:S
    Jun 17 12:30:43 LAN 192.168.1.3:137 192.168.1.255:137 UDP
    Jun 17 12:30:42 LAN 192.168.1.3:137 192.168.1.255:137 UDP
    Jun 17 12:30:41 LAN 192.168.1.3:137 192.168.1.255:137 UDP
    Jun 17 12:30:39 LAN 192.168.1.3:137 192.168.1.255:137 UDP
    Jun 17 12:30:39 LAN 192.168.1.3:137 192.168.1.255:137 UDP
    Jun 17 12:30:38 LAN 192.168.1.3:137 192.168.1.255:137 UDP
    Jun 17 12:30:38 LAN 192.168.1.3:138 192.168.1.255:138        UDP

    0
  • P
    Banned

    If you don't use IPv6 on your network then IMO the best way to clear your logs of IPv6 noise is to allow it in pfSense (System / Advanced / Networking) then create a quick floating rule to block all IPv6 without logging it.

    Or you can block it in pfSense and choose not to log default rules (Status / System Logs / Settings).

    Either way works just depends on what you want to see in your logs.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy