Netgate Discussion Forum

    Default rule blocks traffic on same VLAN/subnet

    Firewalling
    3 Posts 3 Posters 505 Views
    tcw
      last edited by tcw

      I am getting repeated log entries for the default rule on my "Home" VLAN (192.168.10.0/24) blocking UDP traffic to 192.168.10.1:192 and 192.168.10.255:137. These are coming from Apple devices on the same VLAN and subnet. I am still learning and while there's probably a thread on this already, I didn't find it. It occurs several times per minute and seems to happen more often than the "drops legitimate traffic" phenomenon I did find discussed. I understand why the traffic is being generated, but I don't understand why the firewall sees it (i.e., runs rules on it) in the first place. I also know that I can block (or pass) without logging, but the fact that it is occurring makes me wonder if something is set up incorrectly. I have several other VLANs configured, and I have native IPv6 from my ISP.

      Why am I seeing this in the logs? Is this normal, or does it suggest a configuration issue?

      EDIT: pfSense 2.4.3-RELEASE-p1 (arm) on a Netgate SG-3100.

      viragomann
        last edited by

        Traffic between devices on the same subnet should not touch the firewall, as long as the respective devices are connected to different bridged interfaces.

        Maybe a drawing of your setup could shed some light into that.

        heper
          last edited by

          @tcw said in Default rule blocks traffic on same VLAN/subnet:

          m still learning and while there's probably a thread on this already, I didn't find it. It occurs several times per minute and seems to happen more often than the "drops legitimate traffic" phenomenon I did find discussed. I understand why the traffic is being generated, but I don't understand why the firewall sees it (i.e., runs rules on it) in the first place. I also know that I can block (or pass) without logging, but the fact that it is occurring makes me

          .255 is broadcast crap hitting the interface

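As an added example (not code from the thread or from Netgate), the script below sorts pfSense filterlog entries by why a packet from the same subnet was seen by the firewall at all: addressed to the subnet broadcast address (like the .255:137 entries above), addressed to the firewall's own interface address (like the 192.168.10.1 entries), multicast, or actually routed off the subnet. Same-subnet unicast between two hosts should never show up, because the switch forwards it without involving pfSense; if it does, that is the case worth investigating. The field positions assumed for the filterlog CSV layout, the interface name mvneta1.10, and every log line are constructed for this example.

```python
"""Classify pfSense filterlog lines by why a same-subnet packet reached the firewall."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed pfSense 2.4 filterlog CSV layout (my reading of the format, not from the thread):
#  0 rule-number, 1 sub-rule, 2 anchor, 3 tracker, 4 real-interface, 5 reason,
#  6 action, 7 direction, 8 ip-version; then for IPv4:
#  9 tos, 10 ecn, 11 ttl, 12 id, 13 offset, 14 flags, 15 proto-id, 16 proto-text,
#  17 length, 18 src, 19 dst; then for TCP/UDP: 20 sport, 21 dport, 22 data-length


@dataclass(frozen=True)
class Entry:
    iface: str
    action: str
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: Optional[int]


def parse_filterlog(line: str) -> Optional[Entry]:
    """Return an Entry for an IPv4 filterlog line; None for anything else (incl. IPv6)."""
    if "filterlog:" not in line:
        return None
    fields = line.split("filterlog:", 1)[1].strip().split(",")
    if len(fields) < 20 or fields[8] != "4":
        return None
    dport = None
    if fields[16] in ("tcp", "udp") and len(fields) > 21 and fields[21].isdigit():
        dport = int(fields[21])
    return Entry(
        iface=fields[4],
        action=fields[6],
        proto=fields[16],
        src=ipaddress.IPv4Address(fields[18]),
        dst=ipaddress.IPv4Address(fields[19]),
        dport=dport,
    )


def classify(entry: Entry, iface_addr: str, iface_net: str) -> str:
    """Explain why a packet from iface_net was processed by the firewall's ruleset."""
    net = ipaddress.IPv4Network(iface_net, strict=False)
    fw_addr = ipaddress.IPv4Address(iface_addr)
    if entry.src not in net:
        return "off-subnet-source"          # spoofed or mis-addressed, not a same-subnet case
    if entry.dst in (net.broadcast_address, ipaddress.IPv4Address("255.255.255.255")):
        return "broadcast"                  # every host on the segment receives it, pfSense included
    if entry.dst == fw_addr:
        return "to-firewall-address"        # unicast aimed at the gateway itself
    if entry.dst.is_multicast:
        return "multicast"
    if entry.dst in net:
        return "same-subnet-unicast"        # should be switched, never seen here: investigate
    return "routed"                         # normal traffic leaving the subnet


def summarize(lines: List[str], iface_addr: str, iface_net: str) -> Dict[str, int]:
    """Count log lines per classification; non-IPv4 and non-filterlog lines are skipped."""
    counts: Dict[str, int] = {}
    for line in lines:
        entry = parse_filterlog(line)
        if entry is None:
            continue
        key = classify(entry, iface_addr, iface_net)
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample log lines (interface name, tracker ids and hosts are made up).
SAMPLE_LOG = [
    "Jun 18 10:15:01 pfSense filterlog: 5,,,1000000103,mvneta1.10,match,block,in,4,0x0,,64,0,0,none,17,udp,78,192.168.10.23,192.168.10.255,137,137,58",
    "Jun 18 10:15:02 pfSense filterlog: 5,,,1000000103,mvneta1.10,match,block,in,4,0x0,,64,0,0,none,17,udp,78,192.168.10.41,192.168.10.255,137,137,58",
    "Jun 18 10:15:03 pfSense filterlog: 5,,,1000000103,mvneta1.10,match,block,in,4,0x0,,64,0,0,none,17,udp,60,192.168.10.23,192.168.10.1,49152,192,40",
    "Jun 18 10:15:04 pfSense filterlog: 100,,,1000000201,mvneta1.10,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.10.23,8.8.8.8,51234,443,0,S,1234567,,65535,,mss",
    "Jun 18 10:15:05 pfSense filterlog: 5,,,1000000103,mvneta1.10,match,block,in,6,0x00,0x00000,255,udp,17,40,fe80::1,ff02::fb,5353,5353,40",
    "Jun 18 10:15:06 pfSense sshd[1234]: Accepted publickey for admin from 192.168.10.23",
]

if __name__ == "__main__":
    for category, n in sorted(summarize(SAMPLE_LOG, "192.168.10.1", "192.168.10.0/24").items()):
        print(f"{category:22s} {n}")
```

Run it against a copy of /var/log/filter.log (with the interface address and subnet of the VLAN in question); a non-zero "same-subnet-unicast" count is the only result that points to a layer-2 problem, while "broadcast" and "to-firewall-address" entries are the expected consequence of the interface sitting on the segment.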
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.