Logs
-
all of a sudden I have a new inf: LO0, which is the loopback inf, it is showing up in my logs as being blocked.
I have the automatic private ip blocking rule disabled and created one that does the same but without logging, this new inf has just showed up today in the logs.also a device on the network periodically pings the fw and it has started to get logged as well, this data is passed
pf: 54\. 996246 rule 4294967295/3(short): pass in on ath0: (tos 0x0, ttl 100, id 14536, offset 0, flags [DF], proto ICMP (1), length 25) deviceIP > fwIP: [|icmp]
what would cause this to appear in my logs all of a sudden?
-
That rule id looks really weird. It may be a dynamically added rule, but that's hard to say.
Usually where it says (short) it says (match) so it's possible the packet was logged because it was abnormal.
-
I dont have any rules with logging enabled for this type of traffic
the device thats doing the pinging is a cell phone doing voip, dont know if that helps -
Even if you don't have a rule set to log, it's not a (match) on a rule, it's logging because the packet is "short" โ meaning, abnormal in that it isn't long enough, so it was either sent or received malformed. Which would be easy to happen via radio.
-
that explains it, thank you jimp