Rule (@0) in the firewall logs?
I am seeing a number of log entries from a host to external ports that are not within the range of the egress ports allowed for that host. The log entries are pass for rule (@0). I have never seen this rule identifier before - what is rule (@0) and what does it mean/do?
Thanks in advance.
@bblacey Maybe UPnP?
@bob-dig Interesting thought but UPnP and NAT-PMP are not enabled on this firewall.
@bob-dig Well, I did the obvious and confirmed that the services are not checked under UPnP and NAT-PMP but I have not logged in to see if the daemons are running for some unexpected reason
Checked the status page, it says that UPnP is currently disabled.
Just logged into the firewall and confirmed that the
miniupnpdaemon is not running.
NogBadTheBad last edited by NogBadTheBad
@bblacey it's something talking to AWS.
AS details for 18.104.22.168 :-
descr: Amazon EC2 CMH prefix
changed: email@example.com 20190313 #18:50:39Z
Thursday, 24 November 2022 at 15:50:54 Greenwich Mean Time
Do you see a Mac address on the router for the source IP, if you do what is it ?