I am a new pfSense user and I have been reviewing my firewall log and found numerous entries coming from Comcast. Can anyone explain what/why/how etc these are?
Mar 1 23:36:39 WAN 18.104.22.168:67 255.255.255.255:68 UDP
Mar 1 23:36:27 WAN 22.214.171.124:67 255.255.255.255:68 UDP
Mar 1 23:36:24 WAN 126.96.36.199:67 255.255.255.255:68 UDP
Mar 1 23:36:21 WAN 188.8.131.52:67 255.255.255.255:68 UDP
A simple google shows that this is a dhcp response taking place.
thank tommy, I should have been more specific and said that this request occurs every second or two. Is this something comcast is initiating or could it be my router?
If it's being blocked, it's not your side initiating it; It's coming from the remote side.
Thank you Jim, I am going to contact Comcast and see what they have to say about it.
It's probably harmless traffic going to the entire segment.
You're better off adding a non-logging rule to block the traffic so it just gets dumped and doesn't spam your logs.
This is "normal" DHCP traffic, where Comcast is responding to a request for a lease, which could be any computer connected to the same head end as you.