Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Rule (@0) in the firewall logs?

    Firewalling
    3
    6
    230
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bblacey last edited by bblacey

      I am seeing a number of log entries from a host to external ports that are not within the range of the egress ports allowed for that host. The log entries are pass for rule (@0). I have never seen this rule identifier before - what is rule (@0) and what does it mean/do?

      Thanks in advance.

      log status.png

      Bob.Dig 1 Reply Last reply Reply Quote 0
      • Bob.Dig
        Bob.Dig LAYER 8 @bblacey last edited by

        @bblacey Maybe UPnP?

        Windows User

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        B 1 Reply Last reply Reply Quote 0
        • B
          bblacey @Bob.Dig last edited by

          @bob-dig Interesting thought but UPnP and NAT-PMP are not enabled on this firewall.

          Bob.Dig 1 Reply Last reply Reply Quote 0
          • Bob.Dig
            Bob.Dig LAYER 8 @bblacey last edited by

            @bblacey said in Rule (@0) in the firewall logs?:

            @bob-dig Interesting thought but UPnP and NAT-PMP are not enabled on this firewall.

            Have you checked?

            Windows User

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            B 1 Reply Last reply Reply Quote 0
            • B
              bblacey @Bob.Dig last edited by bblacey

              @bob-dig Well, I did the obvious and confirmed that the services are not checked under UPnP and NAT-PMP but I have not logged in to see if the daemons are running for some unexpected reason ๐Ÿค”

              Checked the status page, it says that UPnP is currently disabled.

              Just logged into the firewall and confirmed that the miniupnp daemon is not running.

              NogBadTheBad 1 Reply Last reply Reply Quote 0
              • NogBadTheBad
                NogBadTheBad @bblacey last edited by NogBadTheBad

                @bblacey it's something talking to AWS.

                AS details for 3.15.129.189 :-

                route: 3.14.0.0/15
                origin: AS16509
                descr: Amazon EC2 CMH prefix
                mnt-by: MAINT-AS16509
                changed: noc@amazon.com 20190313 #18:50:39Z
                source: RADB

                Thursday, 24 November 2022 at 15:50:54 Greenwich Mean Time

                Do you see a Mac address on the router for the source IP, if you do what is it ?

                Andy

                1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post