pfSense protocol shows as "options" in the log
-
I'm dealing with Matter devices on my network and occasionally I see log entries that show the protocol as "options" as depicted in the image. To try to determine what this means, I tried to add a rule with Easy Rule and of course it threw an error saying that options was an invalid protocol. What does this log entry mean? I have rules that allow link-local to the broadcast address ff02::fb so I'm not sure why these entries even appear occasionally.
-
Any update on this question? I see these types of entries as well, trying to figure out to keep them blocked and for what.
-
@michelv I don't recall ever seeing that in my logs, but then again I block a lot of multicast at the switch level. If I had to guess, it would be this:
https://docs.netgate.com/pfsense/en/latest/firewall/configure.html#ip-options
TCP options should only ever be in SYN packets. That clearly isn't a SYN when sent to broadcast ff02::fb.
I would sniff and look at those that are blocked. If you don't want those logged, you could set a non-log rule with IP options checked.
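
The reply above suggests sniffing the blocked packets. As an added example (not part of the thread), this Python code walks the IPv6 extension-header chain of one captured packet and lists any Hop-by-Hop or Destination options that precede the upper-layer protocol. The sample bytes are constructed (an MLDv1 report to ff02::fb carrying a Router Alert option); that the logged traffic looks like this is an assumption, and the Fragment header is not handled.

```python
import ipaddress

# Extension headers sharing the layout: next header, length in 8-octet units.
EXT_HEADERS = {0: "Hop-by-Hop Options", 43: "Routing", 60: "Destination Options"}
UPPER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}
OPTION_NAMES = {0x05: "Router Alert", 0x01: "PadN"}

def parse_options(data):
    """Decode the TLV options carried in an options extension header."""
    opts, i = [], 0
    while i < len(data):
        if data[i] == 0:  # Pad1 is a single byte with no length field
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        otype, olen = data[i], data[i + 1]
        name = OPTION_NAMES.get(otype, f"type 0x{otype:02x}")
        opts.append((name, data[i + 2:i + 2 + olen]))
        i += 2 + olen
    return opts

def walk_ipv6(pkt):
    """Return addresses, extension-header chain and upper-layer protocol."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off, chain = pkt[6], 40, []
    while nh in EXT_HEADERS:
        if off + 8 > len(pkt) or off + (pkt[off + 1] + 1) * 8 > len(pkt):
            raise ValueError("truncated extension header")
        hdr_len = (pkt[off + 1] + 1) * 8
        opts = parse_options(pkt[off + 2:off + hdr_len]) if nh in (0, 60) else []
        chain.append((EXT_HEADERS[nh], opts))
        nh, off = pkt[off], off + hdr_len
    return {"src": str(ipaddress.IPv6Address(pkt[8:24])),
            "dst": str(ipaddress.IPv6Address(pkt[24:40])),
            "chain": chain, "upper": UPPER.get(nh, str(nh)), "payload": pkt[off:]}

# Constructed sample packet, not taken from the thread's capture.
SAMPLE = bytes.fromhex(
    "6000000000200001"                  # version 6, payload 32, next header 0
    "fe800000000000000000000000000001"  # source fe80::1 (constructed)
    "ff0200000000000000000000000000fb"  # destination ff02::fb
    "3a00050200000100"                  # Hop-by-Hop: next 58, Router Alert, PadN
    "8300000000000000"                  # ICMPv6 type 131, checksum left as zero
    "ff0200000000000000000000000000fb"  # multicast group being reported
)

if __name__ == "__main__":
    print(walk_ipv6(SAMPLE))
```

To use it on real traffic, pass the bytes of one captured packet starting at the IPv6 header (without the Ethernet header).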