Default rule blocks traffic on same VLAN/subnet
-
I am getting repeated log entries for the default rule on my "Home" VLAN (192.168.10.0/24) blocking UDP traffic to 192.168.10.1:192 and 192.168.10.255:137. These are coming from Apple devices on the same VLAN and subnet. I am still learning and while there's probably a thread on this already, I didn't find it. It occurs several times per minute and seems to happen more often than the "drops legitimate traffic" phenomenon I did find discussed. I understand why the traffic is being generated, but I don't understand why the firewall sees it (i.e., runs rules on it) in the first place. I also know that I can block (or pass) without logging, but the fact that it is occurring makes me wonder if something is set up incorrectly. I have several other VLANs configured, and I have native IPv6 from my ISP.
Why am I seeing this in the logs? Is this normal, or does it suggest a configuration issue?
EDIT: pfSense 2.4.3-RELEASE-p1 (arm) on a Netgate SG-3100.
-
Traffic between devices on the same subnet should not touch the firewall, as long as the respective devices are connected to different bridged interfaces.
Maybe a drawing of your setup could shed some light on that.
-
@tcw said in Default rule blocks traffic on same VLAN/subnet:
I'm still learning and while there's probably a thread on this already, I didn't find it. It occurs several times per minute and seems to happen more often than the "drops legitimate traffic" phenomenon I did find discussed. I understand why the traffic is being generated, but I don't understand why the firewall sees it (i.e., runs rules on it) in the first place. I also know that I can block (or pass) without logging, but the fact that it is occurring makes me
.255 is broadcast crap hitting the interface
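The two replies turn on one distinction: unicast traffic between two hosts on the same VLAN is switched directly and never reaches pf, while a packet addressed to the subnet broadcast address (192.168.10.255) or to the firewall's own interface address (192.168.10.1) terminates at the firewall, is evaluated against that interface's rules, and falls through to the logged default deny when nothing passes it. The model below is an added example, not part of the original thread and not pfSense's own code: it replays constructed flows modelled on the entries described in the post against two toy rule sets. The interface address 192.168.10.1/24, the sample flows, the rule names, and the `classify`, `first_match`, `evaluate` and `logged_entries` helpers are all assumptions; pfSense's real generated ruleset and filterlog format are not reproduced.

```python
"""Model of which packets on a VLAN actually reach a pfSense interface rule set."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Assumed: the firewall's address on the "Home" VLAN, matching the subnet in the post.
HOME_IF = ipaddress.ip_interface("192.168.10.1/24")

# Constructed sample flows as (src, dst, dport, proto), modelled on the log entries described.
SAMPLE_FLOWS: List[Tuple[str, str, int, str]] = [
    ("192.168.10.23", "192.168.10.255", 137, "udp"),  # NetBIOS name service to subnet broadcast
    ("192.168.10.23", "192.168.10.1", 192, "udp"),    # addressed to the gateway itself
    ("192.168.10.23", "192.168.10.42", 445, "tcp"),   # host to host on the same VLAN
    ("192.168.10.23", "192.168.20.5", 22, "tcp"),     # to another VLAN, so routed by the firewall
]


def classify(dst: str, iface: ipaddress.IPv4Interface = HOME_IF) -> str:
    """Say why (or whether) a packet with this destination arrives at the firewall's interface."""
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip == iface.ip:
        return "to-firewall"   # the firewall is the destination host
    if dst_ip == iface.network.broadcast_address or str(dst_ip) == "255.255.255.255":
        return "broadcast"     # every host on the segment, the firewall included, receives it
    if dst_ip in iface.network:
        return "same-subnet"   # switched directly between hosts; pf never sees it
    return "routed"            # must cross the firewall to reach another network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                            # "pass" or "block"
    proto: str                             # "udp", "tcp" or "any"
    dst: Optional[ipaddress.IPv4Network]   # None matches any destination
    dports: Optional[Set[int]]             # None matches any destination port
    log: bool                              # the rule editor's "Log" checkbox


# Models pfSense's implicit last rule: block and log whatever nothing else matched.
DEFAULT_DENY = Rule("Default deny rule IPv4", "block", "any", None, None, True)


def first_match(rules: List[Rule], proto: str, dst: str, dport: int) -> Rule:
    """pfSense rules are 'quick', so the first matching rule wins."""
    dst_ip = ipaddress.ip_address(dst)
    for r in rules:
        if r.proto != "any" and r.proto != proto:
            continue
        if r.dst is not None and dst_ip not in r.dst:
            continue
        if r.dports is not None and dport not in r.dports:
            continue
        return r
    return DEFAULT_DENY


@dataclass(frozen=True)
class Verdict:
    seen: bool            # did the packet reach the interface rule set at all?
    rule: Optional[str]   # name of the rule that matched, if any
    logged: bool


def evaluate(rules: List[Rule], flow: Tuple[str, str, int, str]) -> Verdict:
    _src, dst, dport, proto = flow
    if classify(dst) == "same-subnet":
        return Verdict(False, None, False)   # never arrives at the firewall, so no rule runs
    r = first_match(rules, proto, dst, dport)
    return Verdict(True, r.name, r.log)


def logged_entries(rules: List[Rule], flows) -> List[Tuple[str, int, str]]:
    """What the firewall log would show: (dst, dport, rule name) for each logged packet."""
    out = []
    for flow in flows:
        v = evaluate(rules, flow)
        if v.logged:
            out.append((flow[1], flow[2], v.rule))
    return out


# Only the default deny: every packet that reaches the interface gets logged.
NOISY_RULESET: List[Rule] = []

# Same, plus explicit block rules with logging turned off for the two noisy destinations.
QUIET_RULESET: List[Rule] = [
    Rule("Drop NetBIOS broadcast, no log", "block", "udp",
         ipaddress.ip_network("192.168.10.255/32"), {137}, False),
    Rule("Drop UDP/192 to gateway, no log", "block", "udp",
         ipaddress.ip_network("192.168.10.1/32"), {192}, False),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow[1], flow[2], classify(flow[1]), evaluate(NOISY_RULESET, flow))
    print("noisy:", logged_entries(NOISY_RULESET, SAMPLE_FLOWS))
    print("quiet:", logged_entries(QUIET_RULESET, SAMPLE_FLOWS))
```

With the bare ruleset, the broadcast, the packet to the gateway address and the inter-VLAN flow all land on the default deny and are logged; the host-to-host flow never yields a verdict, which is the point of the first reply. With the two no-log block rules in place only the inter-VLAN flow is still logged, which is the "block without logging" option the post mentions: the traffic is still dropped, it just stops filling the log.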