Netgate Discussion Forum

    Log shows outgoing traffic from 'localhost'?

      ChrisJenk

      In the Firewall log I am seeing quite a lot of entries like this:

      Aug 8 07:40:23 LAN Default deny rule IPv4 (1000000102) 127.0.0.1:19005 10.0.200.28:65002 TCP:RA

      And there is a small arrow in a circle symbol in front of the word 'LAN' which, when I hover my mouse over it, says 'direction is out'. I have three questions:

      1. Why am I seeing this traffic (I don't see how 127.0.0.1 can send anything to a non local address)?

      2. What exactly does the 'direction is out' mean? I haven't noticed that on any other firewall log messages.

      3. Is there a way to suppress these log messages since they seem to be simply clutter?

      Thanks.

        Gertjan @ChrisJenk

        @chrisjenk

        See this file : /tmp/rules.debug

        # block IPv4 link-local. Per RFC 3927, link local "MUST NOT" be forwarded by a routing device,
        # and clients "MUST NOT" send such packets to a router. FreeBSD won't route 169.254./16, but
        # route-to can override that, causing problems such as in redmine #2073
        block in  quick from 169.254.0.0/16 to any ridentifier 1000000101 label "Block IPv4 link-local"
        block in  quick from any to 169.254.0.0/16 ridentifier 1000000102 label "Block IPv4 link-local"
        

        There you have the 1000000102 rule identifier.

        Check out what RFC 3927 means. It can not be 127.0.0.1 ....

        I'm as much surprised as you.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          ChrisJenk @Gertjan

          @gertjan said in Log shows outgoing traffic from 'localhost'?:

          @chrisjenk

          See this file : /tmp/rules.debug

          # block IPv4 link-local. Per RFC 3927, link local "MUST NOT" be forwarded by a routing device,
          # and clients "MUST NOT" send such packets to a router. FreeBSD won't route 169.254./16, but
          # route-to can override that, causing problems such as in redmine #2073
          block in  quick from 169.254.0.0/16 to any ridentifier 1000000101 label "Block IPv4 link-local"
          block in  quick from any to 169.254.0.0/16 ridentifier 1000000102 label "Block IPv4 link-local"
          

          There you have the 1000000102 rule identifier.

          Check out what RFC 3927 means. It can not be 127.0.0.1 ....

          I'm as much surprised as you.

          On my system, examining rules.debug shows this for that rule ID:

          block out log inet all ridentifier 1000000102 label "Default deny rule IPv4"

          This makes more sense in terms of matching up with the log entry but is also strange because I have my own custom 'Deny all' rule as the last one in my LAN ruleset and it is set to not log. So it seems like a rule for IPv4+IPv6, any protocol, with a source of 'any' does not match localhost. Could that be a bug?

            Gertjan @ChrisJenk

            @chrisjenk said in Log shows outgoing traffic from 'localhost'?:

            block out log inet all ridentifier 1000000102 label "Default deny rule IPv4"

            It shows more than that.

            Look at the 3 lines above:

            #---------------------------------------------------------------------------
            # default deny rules
            #---------------------------------------------------------------------------
            

            Go to Status > System Logs > Settings and remove the check from :

            [screenshot: 36413326-56e3-4d81-8f0b-5807c94a3887-image.png]

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??
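
An added example, not part of any post in this thread: a Python sketch that takes the tracker ID from the log row pasted in the first post, looks it up in a rules.debug excerpt, and reports the rule's direction, whether it logs, and the comment block above it. The function names and both excerpts (assembled from lines quoted in the thread) are assumptions for illustration; a label that does not match the log row indicates the file belongs to a different ruleset than the one that produced the log.

```python
import re

# Constructed inputs: the log row and the rule lines are copied from the thread;
# the two excerpts stand in for /tmp/rules.debug on each poster's system.
LOG_ROW = "Aug 8 07:40:23 LAN Default deny rule IPv4 (1000000102) 127.0.0.1:19005 10.0.200.28:65002 TCP:RA"
RULES_GERTJAN = '''\
# block IPv4 link-local. Per RFC 3927, link local "MUST NOT" be forwarded by a routing device,
block in  quick from 169.254.0.0/16 to any ridentifier 1000000101 label "Block IPv4 link-local"
block in  quick from any to 169.254.0.0/16 ridentifier 1000000102 label "Block IPv4 link-local"
'''
RULES_CHRISJENK = '''\
#---------------------------------------------------------------------------
# default deny rules
#---------------------------------------------------------------------------
block out log inet all ridentifier 1000000102 label "Default deny rule IPv4"
'''

# Matches the GUI log row as pasted in the thread (hypothetical helper pattern).
LOG_RE = re.compile(r"^\w{3}\s+\d+\s[\d:]+\s(?P<iface>\S+)\s(?P<label>.+?)\s"
                    r"\((?P<tracker>\d+)\)\s(?P<src>\S+)\s(?P<dst>\S+)\s\S+$")
# \b keeps "in" from matching the start of "inet" when a rule has no direction.
RULE_RE = re.compile(r'^(?:block|pass|match)\s+(?:(?P<dir>in|out)\b)?\s*(?P<body>.*?)'
                     r'ridentifier\s+(?P<tracker>\d+)\s+label\s+"(?P<label>[^"]*)"')

def find_rule(rules_text, tracker):
    """Return the rule carrying this ridentifier and the comment block above it."""
    comments, in_comment = [], False
    for line in rules_text.splitlines():
        if line.startswith("#"):
            comments = comments if in_comment else []   # new comment block resets context
            comments.append(line.lstrip("# ").rstrip())
        in_comment = line.startswith("#")
        m = RULE_RE.match(line.strip())
        if m and m["tracker"] == tracker:
            return {"direction": m["dir"], "logged": "log" in m["body"].split(),
                    "label": m["label"], "context": [c for c in comments if c.strip("-")]}
    return None

def explain(log_row, rules_text):
    """Tie a log row to its rule; a label mismatch means the file is from another ruleset."""
    entry = LOG_RE.match(log_row)
    if not entry:
        raise ValueError("unrecognised log row")
    rule = find_rule(rules_text, entry["tracker"])
    return {"tracker": entry["tracker"], "src": entry["src"], "dst": entry["dst"],
            "rule": rule, "label_matches": bool(rule) and rule["label"] == entry["label"]}

if __name__ == "__main__":
    print(explain(LOG_ROW, RULES_GERTJAN), explain(LOG_ROW, RULES_CHRISJENK), sep="\n")
```

On a firewall, the second argument would be the contents of /tmp/rules.debug read on the same system that produced the log row.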
