[Help] - Default LAN, OPT1 firewall rules



  • Can anyone please help me define a default firewall rule which allows all LAN/OPT1 users to access the internet without flooding the firewall log.

    My settings

    WAN - DHCP by ISP
    LAN - 192.168.0.1/24
    OPT1 - none

    LAN/OPT1 are bridge0

    Current firewall rules for LAN are
    1. anti-lockout rule * * * LAN Address 80 * *
    2. my own allow all * * * * * * *

    OPT1 firewall rules are
    1. allow dhcp traffic UDP 0.0.0.0 67-68 255.255.255.255 67-68 *
    2. my own allow all * * * * * * *

    Everything is running as I wanted, but the firewall log is spamming me from the internal address 192.168.0.2 to the internet. I think there's something missing here. Please help, thanks.



  • Did you select the log option in the rule definition?



  • @marcelloc:

    Did you select the log option in the rule definition?

    Nope, not selected

    I went into the Log page options and disabled this: Log packets blocked by the default rule
    Let's see what that does to the flooding. It says: Hint: packets that are blocked by the implicit default block rule will not be logged anymore if you uncheck this option. Per-rule logging options are not affected.



  • Duh, not being logged after that. Not such a good idea  ;D



  • Seems all logged blocked traffic is coming from my wireless-bridge DD-WRT router on the second floor. All clients that are connected through it seem to be blocked repeatedly to the same address. Yes, I even added 2 firewall rules specifically to pass LAN and WLAN interface to port 443. It sure floods less, but still.

    Any clue anyone?

    ![2012-03-18 08-41-10.jpg](/public/imported_attachments/1/2012-03-18 08-41-10.jpg)



  • You have 192.168 as well as 10.27 as source IPs on the same interface; did you set up your network this way?

    Aren't these logs from infected machines?



  • @marcelloc:

    You have 192.168 as well as 10.27 as source IPs on the same interface; did you set up your network this way?

    Aren't these logs from infected machines?

    Setup is as above; the log flood is from smartphone devices which are connected through DHCP on WiFi.
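The "192.168 as well as 10.27 on the same interface" observation above is exactly the kind of thing a quick pass over the blocked-packet log makes visible. The script below is an added example, not part of this thread and not pfSense code: it parses a few constructed log lines (a simplified pf-style "block in on <iface>" line; real pfSense filter-log fields differ, so the format is an assumption of the example), tallies blocks per interface by source /24 and by destination, flags source prefixes that do not belong to the subnet configured on that interface, and emits a pf-syntax block rule without the `log` keyword for the top talker. The rule string is plain pf syntax; pfSense generates its own ruleset from the GUI, so treat it as an illustration of what "block but don't log" looks like rather than something to paste into the box.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# Constructed sample lines in a simplified pf-style block-log format.
# This is NOT real pfSense output; the field layout is an assumption here.
SAMPLE_LOG = """\
Mar 18 08:40:01 fw pf: rule 0/0(match): block in on bridge0: 192.168.0.2.51234 > 173.194.41.100.443: tcp
Mar 18 08:40:02 fw pf: rule 0/0(match): block in on bridge0: 10.27.0.15.41002 > 173.194.41.100.443: tcp
Mar 18 08:40:02 fw pf: rule 0/0(match): block in on bridge0: 10.27.0.15.41003 > 173.194.41.100.443: tcp
Mar 18 08:40:03 fw pf: rule 0/0(match): block in on bridge0: 10.27.0.22.5353 > 224.0.0.251.5353: udp
Mar 18 08:40:04 fw pf: rule 0/0(match): block in on bridge0: 192.168.0.2.51235 > 173.194.41.100.443: tcp
Mar 18 08:40:05 fw pf: rule 0/0(match): block in on em0: 203.0.113.9.22 > 198.51.100.4.22: tcp
"""

# One regex for the assumed line shape: rule id, direction, interface,
# "src.sport > dst.dport: proto".
LINE_RE = re.compile(
    r"rule (?P<rule>\S+): block (?P<dir>in|out) on (?P<iface>\w+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<proto>\w+)"
)


def parse_log(text):
    """Return one dict per parsable block line; lines that don't match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            e = m.groupdict()
            e["sport"] = int(e["sport"])
            e["dport"] = int(e["dport"])
            entries.append(e)
    return entries


def summarize(entries, prefixlen=24):
    """Per interface: total blocks, blocks per source prefix, blocks per destination."""
    per_iface = defaultdict(lambda: {"total": 0, "src_nets": Counter(), "dsts": Counter()})
    for e in entries:
        s = per_iface[e["iface"]]
        s["total"] += 1
        net = ip_network(f"{e['src']}/{prefixlen}", strict=False)
        s["src_nets"][str(net)] += 1
        s["dsts"][(e["dst"], e["dport"], e["proto"])] += 1
    return dict(per_iface)


def unexpected_sources(summary, expected):
    """Source prefixes seen on an interface that fall outside the subnets
    configured on it (e.g. 10.27.x.x arriving on a bridge that should only
    carry 192.168.0.0/24). `expected` maps iface -> list of network strings."""
    out = {}
    for iface, s in summary.items():
        allowed = [ip_network(n) for n in expected.get(iface, [])]
        bad = [n for n in s["src_nets"]
               if not any(ip_network(n).subnet_of(a) for a in allowed)]
        if bad:
            out[iface] = sorted(bad)
    return out


def top_talker(summary, iface):
    """(dst, dport, proto, count) for the destination that produced the most blocks."""
    (dst, dport, proto), n = summary[iface]["dsts"].most_common(1)[0]
    return dst, dport, proto, n


def silent_block_rule(iface, src_net, dst, dport, proto):
    """pf syntax for a block rule WITHOUT the 'log' keyword: packets are still
    dropped, but they no longer show up in the firewall log."""
    return (f"block in quick on {iface} proto {proto} "
            f"from {src_net} to {dst} port {dport}")


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    summary = summarize(entries)
    for iface, s in summary.items():
        print(f"{iface}: {s['total']} blocks, sources {dict(s['src_nets'])}")
    print("unexpected:", unexpected_sources(summary, {"bridge0": ["192.168.0.0/24"]}))
    dst, dport, proto, n = top_talker(summary, "bridge0")
    print(f"top talker on bridge0: {dst}:{dport}/{proto} ({n} blocks)")
    print(silent_block_rule("bridge0", "10.27.0.0/24", dst, dport, proto))
```

Run it as-is to see the constructed data summarised; to use it on a real log, replace `SAMPLE_LOG` with the file contents and adjust `LINE_RE` to the actual line layout. The `unexpected_sources` check is the one that answers marcelloc's question: a second, unconfigured source prefix behind the bridge points at the wireless bridge's clients rather than at the LAN hosts.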

