Netgate Discussion Forum

Add Firewall Rule Before Block Private Network

Firewalling
11 Posts 4 Posters 4.9k Views
EddieA
last edited by Dec 23, 2009, 9:13 PM

Is it possible, or do I have to disable the "built in" rule, and create my own?

I have an issue, where the firewall logs contain nothing but this, every few minutes:

Act   Time             If    Source            Destination          Proto
      Dec 23 13:00:03  WAN   10.252.48.1:67    255.255.255.255:68   UDP
      Dec 23 13:00:02  WAN   10.252.48.1:67    255.255.255.255:68   UDP
      Dec 23 12:59:58  WAN   10.252.48.1:67    255.255.255.255:68   UDP
      Dec 23 12:59:45  WAN   10.252.48.1:67    255.255.255.255:68   UDP
      Dec 23 12:59:21  WAN   10.252.48.1:67    255.255.255.255:68   UDP
      Dec 23 12:58:54  WAN   10.252.48.1       224.0.0.1            IGMP

So, I cannot see anything else logged, as this floods them.

I'm guessing it's caused by a misconfigured DHCP server, somewhere on the system, on my side of the cable Head-End.

I'd just like to turn off the logging for these, probably based on the IP.

Cheers.
focalguy
last edited by Dec 23, 2009, 9:51 PM

What I've done for this type of thing is create your own rule (yes, disable the built in if it is matching that rule) and set it to not log.
EddieA
last edited by Dec 23, 2009, 10:24 PM

I'd like to try and do it without disabling and manually re-creating the rules for "Block private networks", but if that's the only way…

How can I see exactly what the rules are that are automatically generated for this?

Cheers.
focalguy
last edited by Dec 24, 2009, 12:08 AM

There may very well be another way to do it but I'm not aware of it. I guess my situation wasn't exactly like yours because it was the "Default Deny" rule that was filling up my logs so a rule above it without logging worked fine.

I think you may have to look at the config.xml or actually at the pf rules currently running to see what the rules are exactly. If it's private networks, you could just make an alias of all private networks (192.168.0.0/16, 10.0.0.0/8, etc) and then block the alias. Just thinking out loud though. I'm sure there's a way to find the exact rule being used.
danswartz
last edited by Dec 24, 2009, 4:20 AM

You could just disable logging for the default block rule.
EddieA
last edited by Dec 24, 2009, 6:01 AM

@danswartz:

    you could just disable logging for the default block rule.

Errr, no.  The only option is "Block Private Networks", under Interfaces -> WAN, or not.  You can't make any choices beyond that.

But, even if I could, I'd like to see what's happening, other than this bozo.

Cheers.
AhnHEL
last edited by Dec 24, 2009, 9:51 AM

Discussed here in the past:

http://forum.pfsense.org/index.php/topic,14131.msg75033.html#msg75033

AhnHEL (Angel)
danswartz
last edited by Dec 24, 2009, 1:24 PM

@EddieA:

    @danswartz:

        you could just disable logging for the default block rule.

    Errr, no.  The only option is "Block Private Networks", under Interfaces -> WAN, or not.  You can't make any choices beyond that.

    But, even if I could, I'd like to see what's happening, other than this bozo.

    Cheers.

Under Status => System Logs => Settings, there is a checkbox "Log packets blocked by the default rule" :)  But if that isn't what you want…
EddieA
last edited by Dec 24, 2009, 4:13 PM

@onhel:

    Discussed here in the past

    http://forum.pfsense.org/index.php/topic,14131.msg75033.html#msg75033

Ha, that's exactly what I ended up doing.  Great minds, etc.

@danswartz:

    Under Status => System Logs => Settings, there is a checkbox "Log packets blocked by the default rule" :)  But if that isn't what you want…

No, that logs packets that make it past all the rules and get blocked by the "default".  I wanted to stop logging a packet that was logged by the very first rule, "Block private networks".

Cheers.
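The distinction EddieA draws in the reply above (the default-rule logging checkbox versus the first-match "Block private networks" rule), together with the flood in the first post and focalguy's suggestion of a non-logging block rule placed above it, comes down to rule order: the first matching quick rule decides both the verdict and whether a log entry is written. The following script is an added example, not code from the thread or from pfSense. It parses the log rows quoted in the first post, summarises them per source, checks the source against the RFC1918 ranges focalguy lists, and then runs the entries through a toy first-match rule model (an assumption of how pf quick rules behave, not pfSense's own evaluator) in three orderings: the original, the original with default-rule logging switched off, and one with a quiet block for the single noisy host on top. The host-scoped quiet rule and the rule names are constructed for the illustration.

```python
"""Added example (not from the forum thread or pfSense): why the position of a
non-logging block rule matters for the DHCP flood in the first post.

Assumption (not from the page): rules are evaluated top-down and the first
matching "quick" rule wins; Rule and evaluate() are a toy model of that."""
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the rows quoted in the first post, tab-separated as
# Time / If / Source / Destination / Proto (the empty Act column is dropped).
SAMPLE_LOG = """\
Dec 23 13:00:03\tWAN\t10.252.48.1:67\t255.255.255.255:68\tUDP
Dec 23 13:00:02\tWAN\t10.252.48.1:67\t255.255.255.255:68\tUDP
Dec 23 12:59:58\tWAN\t10.252.48.1:67\t255.255.255.255:68\tUDP
Dec 23 12:59:45\tWAN\t10.252.48.1:67\t255.255.255.255:68\tUDP
Dec 23 12:59:21\tWAN\t10.252.48.1:67\t255.255.255.255:68\tUDP
Dec 23 12:58:54\tWAN\t10.252.48.1\t224.0.0.1\tIGMP
"""

# The private ranges focalguy suggests collecting in an alias.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def split_endpoint(field: str) -> Tuple[str, Optional[int]]:
    """'10.252.48.1:67' -> ('10.252.48.1', 67); the IGMP row carries no port."""
    host, _, port = field.partition(":")
    return host, (int(port) if port else None)


def parse_log(text: str) -> List[dict]:
    """Turn the pasted log table into one dict per entry."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        when, iface, src, dst, proto = line.split("\t")
        src_ip, src_port = split_endpoint(src)
        dst_ip, dst_port = split_endpoint(dst)
        records.append({"time": when, "if": iface, "src": src_ip, "sport": src_port,
                        "dst": dst_ip, "dport": dst_port, "proto": proto})
    return records


def noisy_sources(records: List[dict]) -> Counter:
    """Count entries per (interface, source, proto) so the flooding host stands out."""
    return Counter((r["if"], r["src"], r["proto"]) for r in records)


def is_rfc1918(addr: str) -> bool:
    """True if the address falls in one of the RFC1918 ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


@dataclass
class Rule:
    name: str
    action: str               # "block" or "pass"
    log: bool                 # does a match write a firewall log entry?
    src_nets: Optional[list]  # source networks to match; None means any source


def evaluate(rules: List[Rule], src: str) -> Tuple[str, bool]:
    """Toy first-match evaluation (pf 'quick' semantics, assumed).
    Returns (name of the winning rule, whether that rule logs)."""
    ip = ipaddress.ip_address(src)
    for rule in rules:
        if rule.src_nets is None or any(ip in net for net in rule.src_nets):
            return rule.name, rule.log
    raise ValueError("no rule matched; a real ruleset ends with a default rule")


def logged_count(rules: List[Rule], records: List[dict]) -> int:
    """How many of the parsed entries would still reach the firewall log."""
    return sum(1 for r in records if evaluate(rules, r["src"])[1])


# As the original poster has it: the generated, logging "Block private
# networks" rule is first, so every packet from 10.252.48.1 is logged.
ORIGINAL = [
    Rule("block private networks", "block", True, RFC1918),
    Rule("default deny", "block", True, None),
]

# danswartz's checkbox: default-rule logging off. It never sees these packets,
# because the private-networks rule already matched and logged them.
DEFAULT_LOG_OFF = [
    Rule("block private networks", "block", True, RFC1918),
    Rule("default deny", "block", False, None),
]

# focalguy's approach: a non-logging block above the private-networks rule.
# Scoped here to the one noisy host (constructed choice) so that other
# private-source traffic arriving on WAN is still logged.
WITH_QUIET_RULE = [
    Rule("quiet block for noisy DHCP server", "block", False,
         [ipaddress.ip_network("10.252.48.1/32")]),
    Rule("block private networks", "block", True, RFC1918),
    Rule("default deny", "block", True, None),
]

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for key, n in noisy_sources(recs).most_common():
        print(n, "entries from", key, "(RFC1918)" if is_rfc1918(key[1]) else "")
    for label, rules in (("original", ORIGINAL), ("default log off", DEFAULT_LOG_OFF),
                         ("quiet rule first", WITH_QUIET_RULE)):
        print(label + ":", logged_count(rules, recs), "of", len(recs), "logged")
```

Run it and the three counts read 6, 6 and 0: turning off default-rule logging changes nothing for traffic that the earlier rule already matched, while a quiet rule above that rule silences the one host and leaves a packet from, say, 192.168.1.5 on WAN to fall through to the logging private-networks rule as before.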
focalguy
last edited by Dec 24, 2009, 5:05 PM

@EddieA:

    @onhel:

        Discussed here in the past

        http://forum.pfsense.org/index.php/topic,14131.msg75033.html#msg75033

    Ha, that's exactly what I ended up doing.  Great minds, etc.

I think I may have seen that post before but couldn't find it. Glad you got it working anyways. :)
danswartz
last edited by Dec 24, 2009, 5:17 PM

Sorry, misread the OP.  I saw the comment about logs filling up by 'default deny' and replied to that :)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.