<![CDATA[Add Firewall Rule Before Block Private Network]]>Is it possible, or do I have to disable the "built in" rule, and create my own.

I have an issue, where the firewall logs contain nothing, but this, every few minutes:

Act  	Time  	If  	Source  	Destination  	Proto
	Dec 23 13:00:03 	WAN 	10.252.48.1:67 	255.255.255.255:68 	UDP
	Dec 23 13:00:02 	WAN 	10.252.48.1:67 	255.255.255.255:68 	UDP
	Dec 23 12:59:58 	WAN 	10.252.48.1:67 	255.255.255.255:68 	UDP
	Dec 23 12:59:45 	WAN 	10.252.48.1:67 	255.255.255.255:68 	UDP
	Dec 23 12:59:21 	WAN 	10.252.48.1:67 	255.255.255.255:68 	UDP
	Dec 23 12:58:54 	WAN 	10.252.48.1 	224.0.0.1 	IGMP

So, I cannot see anything else logged, as this floods them.

I'm guessing it's caused by misconfigured DHCP server, somewhere on the system, on my side of the cable Head-End.

I'd just like to turn off the logging for these, probably based on the IP.

Cheers.

]]>https://forum.netgate.com/topic/20177/add-firewall-rule-before-block-private-networkRSS for NodeThu, 14 May 2026 17:19:48 GMTWed, 23 Dec 2009 21:13:09 GMT60<![CDATA[Reply to Add Firewall Rule Before Block Private Network on Thu, 24 Dec 2009 17:17:29 GMT]]>Sorry, misread the OP.  I saw the comment about logs filling up by 'default deny' and replied to that :)

]]>https://forum.netgate.com/post/217451https://forum.netgate.com/post/217451Thu, 24 Dec 2009 17:17:29 GMT<![CDATA[Reply to Add Firewall Rule Before Block Private Network on Thu, 24 Dec 2009 17:05:41 GMT]]>@EddieA:

@onhel:

Discussed here in the past

http://forum.pfsense.org/index.php/topic,14131.msg75033.html#msg75033

Ha, that's exactly what I ended up doing.  Great minds, etc.

I think I may have seen that post before but couldn't find it. Glad you got it working anyways. :)

]]>https://forum.netgate.com/post/217448https://forum.netgate.com/post/217448Thu, 24 Dec 2009 17:05:41 GMT<![CDATA[Reply to Add Firewall Rule Before Block Private Network on Thu, 24 Dec 2009 16:13:50 GMT]]>@onhel:

Discussed here in the past

http://forum.pfsense.org/index.php/topic,14131.msg75033.html#msg75033

Ha, that's exactly what I ended up doing.  Great minds, etc.

@danswartz:

Under Status => System Logs => Settings, there is a checkbox "Log packets blocked by the default rule" :)  But if that isn't what you want…

No, that logs packets that make it past all the rules, and get blocked by the "default".  I wanted to stop logging a packet that was logged by the very first rule "Block private networks".

Cheers.

]]>https://forum.netgate.com/post/217444https://forum.netgate.com/post/217444Thu, 24 Dec 2009 16:13:50 GMT<![CDATA[Reply to Add Firewall Rule Before Block Private Network on Thu, 24 Dec 2009 13:24:52 GMT]]>@EddieA:

@danswartz:

you could just disable logging for the default block rule.

Errr, no.  The only option is "Block Private Networks", under Interfaces -> WAN, or not.  You can't make any choices beyond that.

But, even if I could, I'd like to see what's happening, other than this bozo.

Cheers.

Under Status => System Logs => Settings, there is a checkbox "Log packets blocked by the default rule" :)  But if that isn't what you want…

]]>https://forum.netgate.com/post/217429https://forum.netgate.com/post/217429Thu, 24 Dec 2009 13:24:52 GMT<![CDATA[Reply to Add Firewall Rule Before Block Private Network on Thu, 24 Dec 2009 09:51:11 GMT]]>Discussed here in the past

http://forum.pfsense.org/index.php/topic,14131.msg75033.html#msg75033

]]>https://forum.netgate.com/post/217415https://forum.netgate.com/post/217415Thu, 24 Dec 2009 09:51:11 GMT<![CDATA[Reply to Add Firewall Rule Before Block Private Network on Thu, 24 Dec 2009 06:01:54 GMT]]>@danswartz:

you could just disable logging for the default block rule.

Errr, no.  The only option is "Block Private Networks", under Interfaces -> WAN, or not.  You can't make any choices beyond that.

But, even if I could, I'd like to see what's happening, other than this bozo.

Cheers.

]]>https://forum.netgate.com/post/217400https://forum.netgate.com/post/217400Thu, 24 Dec 2009 06:01:54 GMT<![CDATA[Reply to Add Firewall Rule Before Block Private Network on Thu, 24 Dec 2009 04:20:37 GMT]]>you could just disable logging for the default block rule.

]]>https://forum.netgate.com/post/217395https://forum.netgate.com/post/217395Thu, 24 Dec 2009 04:20:37 GMT<![CDATA[Reply to Add Firewall Rule Before Block Private Network on Thu, 24 Dec 2009 00:08:47 GMT]]>There may very well be another way to do it but I'm not aware of it. I guess my situation wasn't exactly like yours because it was the "Default Deny" rule that was filling up my logs so a rule above it without logging worked fine.

I think you may have to look at the config.xml or actually at the pf rules currently running to see what the rules are exactly. If it's private networks, you could just make an alias of all private networks (192.168.0.0/16, 10.0.0.0/8, etc) and then block the alias. Just thinking out loud though. I'm sure there's a way to find the exact rule being used.

]]>https://forum.netgate.com/post/217377https://forum.netgate.com/post/217377Thu, 24 Dec 2009 00:08:47 GMT<![CDATA[Reply to Add Firewall Rule Before Block Private Network on Wed, 23 Dec 2009 22:24:44 GMT]]>I'd like to try and do it, without disabling, and manually re-creating the rules for "Block private networks", but if that's the only way.

How can I see exactly what the rules are, that are automatically generated for this.

Cheers.

]]>https://forum.netgate.com/post/217372https://forum.netgate.com/post/217372Wed, 23 Dec 2009 22:24:44 GMT<![CDATA[Reply to Add Firewall Rule Before Block Private Network on Wed, 23 Dec 2009 21:51:14 GMT]]>What I've done for this type of thing is create your own rule (yes, disable the built in if it is matching that rule) and set it to not log.

]]>https://forum.netgate.com/post/217369https://forum.netgate.com/post/217369Wed, 23 Dec 2009 21:51:14 GMT