• all of a sudden I have a new inf: LO0, which is the loopback inf, it is showing up in my logs as being blocked.
    I have the automatic private ip blocking rule disabled and created one that does the same but without logging, this new inf has just showed up today in the logs.

    also a device on the network periodically pings the fw and it has started to get logged as well, this data is passed

    pf: 54\. 996246 rule 4294967295/3(short): pass in on ath0: (tos 0x0, ttl 100, id 14536, offset 0, flags [DF], proto ICMP (1), length 25) deviceIP > fwIP: [|icmp]

    what would cause this to appear in my logs all of a sudden?

  • Rebel Alliance Developer Netgate

    That rule id looks really weird. It may be a dynamically added rule, but that's hard to say.

    Usually where it says (short) it says (match) so it's possible the packet was logged because it was abnormal.

  • I dont have any rules with logging enabled for this type of traffic
    the device thats doing the pinging is a cell phone doing voip, dont know if that helps

  • Rebel Alliance Developer Netgate

    Even if you don't have a rule set to log, it's not a (match) on a rule, it's logging because the packet is "short" – meaning, abnormal in that it isn't long enough, so it was either sent or received malformed. Which would be easy to happen via radio.

  • that explains it, thank you jimp

Log in to reply