UDP broadcast on 67 and 68, WAN
-
New pfSense user, up and running really well on my home cable modem. I had a couple questions I was hoping the veteran users here could help me with:
I'm getting hammered with log entries from [one IP on my ISP's netblock]:67 sending broadcast UDP traffic to 255.255.255.255:68. I understand that this is DHCP. It's drowning out anything that might be useful in the logs, but worry that blocking it (and setting it to not log!) will end up keeping DHCP from working at all, knocking us offline next time our lease expires. Can I create a rule here that won't do anything bad?
Only tangentially related, but I initially set the machine up in the (very) wrong timezone. NTP runs correctly, but was setting the time 10 hours ahead of the right time. I changed it to the right timezone a few days ago, and the system (via command line) reports the correct time. But the log entries still show future timestamps. Can I fix this without rebooting?
-
- what about setting up "allow" rule for this traffic without logging?
- how did you change time zone - via web interface or using command line?
-
In regards to your DHCP issue:
http://forum.pfsense.org/index.php/topic,14131.msg75029.html#msg75029
Dont worry about setting up a rule blocking it because no matter what, the default rule is blocking it. So for all intents and purposes, that broadcast traffic is always blocked, we're just trying not to log it so we can read the more pertinent logs. I have a block rule on my network and it does not affect my ISP's DHCP handing out a lease or renewing a lease.
-
Agree. The explicit rule 'disable broadcast on WAN' should not affect DHCP IP renew process as server responds with unicast not broadcast packets.
Sorry for my previous comment, it does not make sence.
