Netgate Discussion Forum

Create firewall rule for specific source / destination

Firewalling
6 Posts 4 Posters 315 Views

ghostnet, Dec 21, 2022, 6:18 PM

    I get an ICMP message every two minutes that gets logged, filling it with useless entries. From reading many posts here, I created an entry in /etc/inc/filter.inc that keeps the entry from being logged. However, the next pfsense upgrade will wipe out my fix.

    I'm not good at firewall rules, so my question is: how do I recreate the rule in the webGUI so it survives upgrade to upgrade? My Firewall log in the webGUI shows this:

    Act Time IF Source Destination
    X Dec 21 11:37 WAN 0.0.0.0 224.0.0.1

    And my rule in /etc/inc/filter.inc is this:
    block in quick from 0.0.0.0 to 224.0.0.1 ridentifier {$increment_tracker()} label "Block IPv4 link-local"

    I'm using pfsense 22.05-RELEASE.
    Thanks for your help.

(rcoleman-netgate moved this topic from webGUI on Dec 21, 2022, 6:24 PM)

rcoleman-netgate (Netgate) @ghostnet, Dec 21, 2022, 6:25 PM

      @ghostnet 224.0.0.1 is multicast traffic. And all traffic on WAN is blocked inbound by default unless you open ports. And those blocks are logged.

      You can simply ignore it - I don't pay attention to my WAN logs until I need to troubleshoot why a site-to-site VPN isn't working.

      Ryan

SteveITS @rcoleman-netgate, Dec 21, 2022, 6:34 PM

> I don't pay attention to my WAN logs

        Seconding this, we always turn off the "Log packets matched from the default block rules in the ruleset" log setting. Saves a ton of disk writes, doesn't fill the log with spam, and we can turn it on when we need it.

johnpoz (Global Moderator) @rcoleman-netgate, Dec 21, 2022, 7:40 PM (edited 7:41 PM)

I would second turning off logging of the default block. Then create your own rules to log what you're interested in; for example, I log all SYN traffic to my WAN address, and also log common UDP ports.

But yeah, I have no desire to see what amounts to noise.

[screenshot: log.jpg]

If you want to see it for some reason, it is a simple click to turn it back on, if troubleshooting something for example.

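Before deciding what to stop logging and which targeted log rules to write instead, it helps to see what actually dominates the default-block log. The script below is an added example, not code from the thread or from pfSense itself: it parses filterlog(8) CSV entries (the format pfSense writes to the firewall log) and ranks blocked flows by interface, protocol, source, destination and destination port, then reports how much of the volume is multicast noise like the 0.0.0.0 to 224.0.0.1 entries the OP sees. The sample log lines, hostname, interface name (igb0) and tracker IDs are constructed for the example; field positions follow the filterlog(8) man page.

```python
"""Triage pfSense filterlog output: which blocked flows dominate the log?

Added example; sample data is constructed, not taken from the thread.
"""
import ipaddress
import re
import sys
from collections import Counter

# Constructed sample lines in filterlog(8) CSV format. Field order:
# rulenr,subrulenr,anchor,tracker,iface,reason,action,dir,ipver, then for IPv4
# tos,ecn,ttl,id,offset,flags,proto-id,proto-text,length,src,dst, then
# protocol-specific fields (tcp/udp: sport,dport,...).
SAMPLE_LOG = """\
Dec 21 11:37:02 pfSense filterlog[12345]: 5,,,1000000103,igb0,match,block,in,4,0x0,,1,0,0,none,2,igmp,36,0.0.0.0,224.0.0.1,datalength=16
Dec 21 11:37:40 pfSense filterlog[12345]: 9,,,1000000105,igb0,match,block,in,4,0x0,,52,1001,0,DF,6,tcp,60,198.51.100.23,203.0.113.10,44123,22,0,S,123456789,,64240,,mss;sackOK
Dec 21 11:39:02 pfSense filterlog[12345]: 5,,,1000000103,igb0,match,block,in,4,0x0,,1,0,0,none,2,igmp,36,0.0.0.0,224.0.0.1,datalength=16
Dec 21 11:40:11 pfSense filterlog[12345]: 9,,,1000000105,igb0,match,block,in,4,0x0,,120,2,0,none,17,udp,78,198.51.100.77,203.0.113.10,53413,5060,58
Dec 21 11:41:02 pfSense filterlog[12345]: 5,,,1000000103,igb0,match,block,in,4,0x0,,1,0,0,none,2,igmp,36,0.0.0.0,224.0.0.1,datalength=16
Dec 21 11:41:30 pfSense filterlog[12345]: 9,,,1000000105,igb0,match,block,in,4,0x0,,49,3,0,DF,6,tcp,60,192.0.2.200,203.0.113.10,51000,443,0,S,987654321,,65535,,mss
"""

_FILTERLOG = re.compile(r"filterlog\[\d+\]: (?P<csv>.+)$")


def parse_filterlog_line(line):
    """Return a dict for one filterlog entry, or None for any other syslog line."""
    m = _FILTERLOG.search(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    if len(f) < 9:
        return None
    rec = {"tracker": f[3], "iface": f[4], "action": f[6], "dir": f[7], "ipver": f[8]}
    if rec["ipver"] == "4" and len(f) >= 20:
        rec.update(proto=f[16], src=f[18], dst=f[19], rest=f[20:])
    elif rec["ipver"] == "6" and len(f) >= 17:
        # IPv6 layout: class,flow-label,hop-limit,proto-text,proto-id,length,src,dst
        rec.update(proto=f[12], src=f[15], dst=f[16], rest=f[17:])
    else:
        return None
    rec["dport"] = None
    if rec["proto"] in ("tcp", "udp") and len(rec["rest"]) >= 2:
        rec["dport"] = int(rec["rest"][1])
    return rec


def flow_key(rec):
    """Grouping key: what a targeted pf rule would match on."""
    return (rec["iface"], rec["action"], rec["proto"], rec["src"], rec["dst"], rec["dport"])


def blocked_records(log_text):
    for line in log_text.splitlines():
        rec = parse_filterlog_line(line)
        if rec and rec["action"] == "block":
            yield rec


def summarize(log_text):
    """Blocked flows ranked by count, most frequent first."""
    counts = Counter(flow_key(rec) for rec in blocked_records(log_text))
    return counts.most_common()


def is_multicast_noise(rec):
    """True when the destination is multicast (e.g. IGMP queries to 224.0.0.1)."""
    return ipaddress.ip_address(rec["dst"]).is_multicast


def noise_share(log_text):
    """Fraction of blocked entries that are multicast noise (0.0 when nothing is blocked)."""
    recs = list(blocked_records(log_text))
    if not recs:
        return 0.0
    return sum(1 for r in recs if is_multicast_noise(r)) / len(recs)


if __name__ == "__main__":
    # Pass "-" to read a real log from stdin; otherwise the constructed sample is used.
    text = sys.stdin.read() if len(sys.argv) > 1 and sys.argv[1] == "-" else SAMPLE_LOG
    for key, n in summarize(text):
        print(f"{n:5d}  {key}")
    print(f"multicast share of blocked entries: {noise_share(text):.0%}")
```

Run it against the firewall log (for example `python3 triage.py - < /var/log/filter.log`) or against a syslog receiver's copy. Flows that top the list with a multicast or bogon destination are the noise johnpoz describes; the remaining (proto, dport) groups are the ones worth a dedicated log rule once default-block logging is off.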
ghostnet, Dec 21, 2022, 7:41 PM

            That's a reasonable solution for me. However, I don't think there is a default rule to block that (except the kludge I came up with). I was looking for a bit of help constructing the block rule in the webGUI, so the fix would be part of backup / restore and survive upgrades.

ghostnet, Dec 21, 2022, 7:55 PM

              Looking at the firewall logs from the console, I see that those log entries are marked as blocked, so your solution to disable logging blocked events should work. Thanks for your help.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.