Netgate Discussion Forum
    New issue with Block traffic to port 0

      robertko

      Hello guys,

      After updating from pfSense 2.4.3_1 to 2.4.4 using the exact same firewall rules, I get a new rule match on the LAN interface: "Block traffic to port 0" ... TCP:S (I forgot to take a screenshot of the log, and since then I have rolled back to the previous version).

      The traffic that is being blocked is an IPSec tunnel that passes through the pfSense box.

      My question is whether or not something changed between the two versions to cause this issue, if there is a plan to implement a method to tweak the default FW rules from the GUI and finally if simply commenting the following lines from /etc/inc/filter.inc will solve the issue:
      block {$log['block']} quick inet proto { tcp, udp } from any port = 0 to any tracker {$increment_tracker($tracker)} label "Block traffic from port 0"
      block {$log['block']} quick inet proto { tcp, udp } from any to any port = 0 tracker {$increment_tracker($tracker)} label "Block traffic to port 0"

      Any further comments and suggestions are appreciated.

      Thanks in advance!

        Derelict LAYER 8 Netgate

        Traffic to or from tcp/udp port zero is invalid and should be dropped by any competent firewall.

        No. Nothing has changed here.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
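
As an added illustration (not part of either post and not pfSense code), the match criteria of the two rules quoted in the question can be mirrored in Python over constructed IPv4 packets: they catch TCP or UDP with port 0 on either side, and nothing from protocols without port fields such as ESP. The function names and the sample addresses are assumptions made for this example.

```python
import struct

TCP, UDP = 6, 17
# Labels copied from the two rules quoted in the question.
LABEL_FROM = "Block traffic from port 0"
LABEL_TO = "Block traffic to port 0"

def ipv4(proto, payload, frag_off=0):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) + payload."""
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])  # documentation ranges
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                       frag_off, 64, proto, 0, src, dst) + payload

def tcp_syn(sport, dport):
    """Constructed 20-byte TCP header with only the SYN flag set."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)

def udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def port_zero_match(packet):
    """Return the label of the quoted rule that would match, or None.

    Mirrors only the criteria visible in the rules: inet (IPv4),
    proto tcp or udp, source or destination port equal to 0.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # not IPv4
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] not in (TCP, UDP):
        return None                      # e.g. ESP (50) has no port fields
    frag_off = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or frag_off or len(packet) < ihl + 4:
        return None                      # no L4 header to read ports from
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if sport == 0:
        return LABEL_FROM                # listed first in the question
    return LABEL_TO if dport == 0 else None

if __name__ == "__main__":
    samples = {
        "TCP SYN to port 0": ipv4(TCP, tcp_syn(51000, 0)),
        "UDP from port 0": ipv4(UDP, udp(0, 53)),
        "UDP 4500 (IPsec NAT-T)": ipv4(UDP, udp(4500, 4500)),
        "ESP (proto 50)": ipv4(50, bytes(24)),  # zero bytes, but not tcp/udp
        "TCP SYN to 443": ipv4(TCP, tcp_syn(51000, 443)),
    }
    for name, pkt in samples.items():
        print(f"{name:24} -> {port_zero_match(pkt)}")
```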
