Monitoring traffic on new installation
I recently installed my first pfSense and configured NAT and the Firewall. I'm monitoring the firewall log to see what traffic is blocked, and I'd like to watch that to determine if the traffic is expected or not. Has there been any discussion (I could not find any) of blocked traffic and specifics on log entries? If so, can you point me in that direction?
For example, I see many of these:
Sep 8 20:44:30 WAN 22.214.171.124:3478 192.168.1.226:61827 UDP
Sep 8 20:42:52 WAN 126.96.36.199:3478 192.168.1.226:61827 UDP
Since many of the source IP addresses are AKAMAI, I wonder if this is traffic I should be accepting.
There is some info in the doc wiki, but really what ports are "good" or what traffic is "bad" depends on the network and the type of traffic you're using. It's far too subjective to generalize with much accuracy.
You can lookup what ports those are, but if those are part of a legitimate connection, it's probably just a variation of this: