Rule (@0) in the firewall logs?
-
I am seeing a number of log entries from a host to external ports that are not within the range of the egress ports allowed for that host. The log entries are pass for rule (@0). I have never seen this rule identifier before - what is rule (@0) and what does it mean/do?
Thanks in advance.
-
@bblacey Maybe UPnP?
-
@bob-dig Interesting thought but UPnP and NAT-PMP are not enabled on this firewall.
-
@bblacey said in Rule (@0) in the firewall logs?:
@bob-dig Interesting thought but UPnP and NAT-PMP are not enabled on this firewall.
Have you checked?
-
@bob-dig Well, I did the obvious and confirmed that the services are not checked under UPnP and NAT-PMP, but I have not logged in to see if the daemons are running for some unexpected reason.
Checked the status page, it says that UPnP is currently disabled.
Just logged into the firewall and confirmed that the miniupnp daemon is not running.
-
@bblacey it's something talking to AWS.
AS details for 3.15.129.189 :-
route: 3.14.0.0/15
origin: AS16509
descr: Amazon EC2 CMH prefix
mnt-by: MAINT-AS16509
changed: noc@amazon.com 20190313 #18:50:39Z
source: RADB
Thursday, 24 November 2022 at 15:50:54 Greenwich Mean Time
Do you see a MAC address on the router for the source IP? If you do, what is it?