Should "Reserved Networks" be blocked when pfSense is behind an ISP router?
-
If my pfSense device is behind an ISPs router (which also has its own (most likely crap) firewall) then should I still be blocking reserved networks using these settings in the WAN interface:
- Block private networks and loopback addresses
- Block bogon networks
Both of these generate a lot of log data, like the one in the attached screenshot, so I am wondering if it's ok to turn these off since pfSense is not directly on the Internet?
-
All traffic is blocked & logged by WAN by default. That setting will also block private networks from accessing any NATs you may have configured. Either ignore the noise. or create your own block rule and set it to not log.
-
That is multicast noise most likely from your router it self, ie that 192.168.1.1, which seems odd that is being block by the ULA rule fc00::/7 ?
If you do not want the noise, and your behind a nat.. Then either turn off logging of those rules.. Or create rules that specifically block the noise but don't log it.
