Firewall log: block 10.127.160.1:67 on WAN every 30 - 60 s
-
Hello,
I'm a new user of pfsense. Before I was using openWRT.
Now my log is showing that the firewall is blocking on WAN UDP 10.127.160.1:67 –> 255.255.255.255:68 every 30 to 60 s. Block local network is enabled on WAN interface. But this is not the adress of the WAN interface and not the gateway address.
After a little bit reserch I found out that this seems to be comming from the cable modem Cisco EPC3208.
But what it is good for? What is the intention of the modem?
Should I set a firewall rule to allow this adress from WAN port? -
Your cable company uses that private subnet for dhcp and to administer the cable modem. Your modem actually has an address given it in that subnet as well as your public IP…
To keep it out of the logs-
Create a firewall rule to block it and....
Go to WAN interface and uncheck "Block Private Networks".
-
Your cable company uses that private subnet for dhcp and to administer the cable modem. Your modem actually has an address given it in that subnet as well as your public IP…
Thanks.
I switched off "Block Private Networks" and block manually on WAN without logging:
-
10.0.0.0/8
-
172.16.0.0/12
-
192.168.0.0/16
-
127.0.0.0/8
If my understanding is correct this is exactly what the automatic rule "Block Private Networks" is doing.
Now my firewall log is not spammed any more by the cable modem.
-
-
The logging of this rule message can be stopped by disabling "Log packets blocked by the default rule" in the settings.
All of our cable modems also show this "WAN UDP 10.xx.xx.xx:67 –> 255.255.255.255:68" rule every 60 seconds or less.
It is useless, it does nothing for performance or connection, so I disabled "Log packets blocked by the default rule" so it won't flood my logging with it's uselessness.Status: System logs:--> Settings
-
The logging of this rule message can be stopped by disabling "Log packets blocked by the default rule" in the settings.
Status: System logs:–> Settings
Yes, this is right. But this will stop logging of all logging. And I would like to have the chance to check who tries to connect from outside.
The way by setting-up a manual filter for the private networks without logging works fine.