New issue with Block traffic to port 0

  • Hello guys,

    After updating from pfSense 2.4.3_1 to 2.4.4 using the exact same Firewall rules, I get a new rule match on the LAN interface: "Block traffic to port 0" ... TCP:S (I forgot to take a screenshot of the log and since then I have rolled back to the previous version).

    The traffic that is being blocked is an IPSec tunnel that passes through the pfSense box.

    My question is whether or not something changed between the two versions to cause this issue, if there is a plan to implement a method to tweak the default FW rules from the GUI and finally if simply commenting the following lines from /etc/inc/ will solve the issue:
    block {$log['block']} quick inet proto { tcp, udp } from any port = 0 to any tracker {$increment_tracker($tracker)} label "Block traffic from port 0"
    block {$log['block']} quick inet proto { tcp, udp } from any to any port = 0 tracker {$increment_tracker($tracker)} label "Block traffic to port 0"

    Any further comments and suggestions are appreciated.

    Thanks in advance!

  • LAYER 8 Netgate

    Traffic to or from tcp/udp port zero is invalid and should be dropped by any competent firewall.

    No. Nothing has changed here.
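    As an added example (not code from the thread or from pfSense), the script below parses pfSense filterlog-style records and reports which of the two default rules quoted above ("Block traffic from port 0" / "Block traffic to port 0") a logged packet would match, in the same order pf evaluates them. The field positions follow the documented filterlog CSV layout for IPv4 TCP/UDP records; the log lines, addresses, tracker ids and interface name are constructed for the demonstration and are not from the original poster's log.

```python
import csv
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Field positions follow the pfSense filterlog CSV layout: common fields 0-8,
# the IPv4 header block 9-19, then the TCP (20-28) or UDP (20-22) block.
# IPv6 records are skipped here to keep the example short.
IPV4_PROTO_TEXT, IPV4_SRC, IPV4_DST = 16, 18, 19
L4_SPORT, L4_DPORT, TCP_FLAGS = 20, 21, 23


@dataclass
class FilterEvent:
    rule_number: str
    tracker: str
    interface: str
    action: str
    direction: str
    proto: str
    src: str
    dst: str
    src_port: Optional[int]   # None for protocols without ports (e.g. ESP)
    dst_port: Optional[int]
    tcp_flags: str            # "" unless proto is tcp


def parse_filterlog(line: str) -> Optional[FilterEvent]:
    """Parse one IPv4 filterlog record; return None for IPv6 or malformed lines."""
    fields = next(csv.reader([line.strip()]))
    if len(fields) < 20 or fields[8] != "4":
        return None
    proto = fields[IPV4_PROTO_TEXT]
    base = dict(rule_number=fields[0], tracker=fields[3], interface=fields[4],
                action=fields[6], direction=fields[7], proto=proto,
                src=fields[IPV4_SRC], dst=fields[IPV4_DST])
    if proto not in ("tcp", "udp") or len(fields) <= L4_DPORT:
        # ESP, ICMP, etc. carry no layer-4 ports in the record
        return FilterEvent(**base, src_port=None, dst_port=None, tcp_flags="")
    flags = fields[TCP_FLAGS] if proto == "tcp" and len(fields) > TCP_FLAGS else ""
    return FilterEvent(**base, src_port=int(fields[L4_SPORT]),
                       dst_port=int(fields[L4_DPORT]), tcp_flags=flags)


def port_zero_rule(ev: FilterEvent) -> Optional[str]:
    """Label of the default rule that would match, checked in pf order ('from' first)."""
    if ev.src_port is None:
        return None           # both rules are 'proto { tcp, udp }', so ESP never matches
    if ev.src_port == 0:
        return "Block traffic from port 0"
    if ev.dst_port == 0:
        return "Block traffic to port 0"
    return None


def find_port_zero_hits(lines: List[str]) -> List[Tuple[str, FilterEvent]]:
    """Return (rule label, event) for every record that hits a port 0 rule."""
    hits = []
    for line in lines:
        ev = parse_filterlog(line)
        if ev is None:
            continue
        label = port_zero_rule(ev)
        if label:
            hits.append((label, ev))
    return hits


# Constructed sample records (documentation addresses, made-up tracker ids).
SAMPLE_LOG = [
    # ordinary HTTPS SYN passed by a LAN rule: never matches
    "5,,,1000000103,igb1,match,pass,in,4,0x0,,64,1234,0,DF,6,tcp,60,192.168.1.10,203.0.113.5,51234,443,0,S,1,,65535,,mss",
    # TCP SYN with destination port 0, the kind of match the thread describes
    "5,,,1000000105,igb1,match,block,in,4,0x0,,64,1235,0,DF,6,tcp,60,192.168.1.20,198.51.100.7,40000,0,0,S,1,,65535,,mss",
    # UDP datagram with source port 0
    "5,,,1000000104,igb1,match,block,in,4,0x0,,64,1236,0,none,17,udp,40,192.168.1.21,198.51.100.8,0,53,12",
    # ESP (IPsec payload) has no ports, so it cannot match either port 0 rule
    "5,,,1000000103,igb1,match,pass,in,4,0x0,,64,1237,0,DF,50,esp,120,192.168.1.30,198.51.100.9",
]

if __name__ == "__main__":
    for label, ev in find_port_zero_hits(SAMPLE_LOG):
        print(f"{label}: {ev.proto} {ev.src}:{ev.src_port} -> {ev.dst}:{ev.dst_port} "
              f"flags={ev.tcp_flags or '-'} on {ev.interface} (tracker {ev.tracker})")
```

Running it on a real filterlog export (e.g. the lines shown under Status > System Logs > Firewall) is a quick way to recover which packet tripped the rule when no screenshot was taken: the printed source and destination ports distinguish a genuine port 0 packet from the ESP or UDP 500/4500 traffic an IPsec tunnel normally consists of.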
