Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Firewall Logs with Protocol = Fragment

    Scheduled Pinned Locked Moved Firewalling
    5 Posts 2 Posters 324 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      CZvacko
      last edited by

      I have 2 VMs running PFsense that provide proxy functionality. I have now upgraded one of them from v2.7.2 to v2.8.0 and I have noticed many logs like this:
      fragment.jpg
      It seems a bit strange because no name for the rule, just a blank ().
      Also, ff02::c should be a multicast address, so the same log should appear on another VM (but it didn't) that is in the same network(s). Another VM is still using 2.7.2, is this normal or a glitch in 2.8.0 ?

      C 1 Reply Last reply Reply Quote 0
      • C
        CZvacko @CZvacko
        last edited by

        I did packet capture in PFsense and record is related to WS-Discovery.

        One line from wireshark (used to display captured packets):

        No - 1
Time - 0.000000
Source - fe80::a776:bfc4:590c:aa6c
Destination - ff02::c
Protocol - UDP/XML
Lenght - 718
Info - 50548 → 3702 Len=656

        This seems to be incorrectly parsed by PFsense v 2.8.0.
        No rule name, wrong protocol...

        johnpozJ 1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator @CZvacko
          last edited by

          @CZvacko that traffic is not the same source as what you posted from your log.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          C 1 Reply Last reply Reply Quote 0
          • C
            CZvacko @johnpoz
            last edited by

            @johnpoz Right, it's not the same source because I did packet capture the other day, but it's the same situation (appears the same in the Firewall log).

            johnpozJ 1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @CZvacko
              last edited by

              @CZvacko to be honest have no idea what would cause that.. But I don't have anything on my network doing ws-discovery either (ssdp).. At least not to ipv6 multicast..

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.