Recurring IP in firewall log

  • While looking at the firewall log I keep seeing the same entry.
    How do I tell the logs to ignore this IP address without blocking it?

    Apr 29 13:58:45 WAN UDP

    I believe that this is the cable modem that is giving my router its WAN IP address.
    I must need this to get a WAN address using DHCP. So I cannot block it.

  • The simplest solution is not to log blocked WAN packets ;)

  • That's noise from other DHCP clients on your ISP's network, you can block it without logging. Replies to your DHCP requests are permitted by the state from the request, not rules.

  • LAYER 8 Global Moderator

    Normally you would not see that traffic anyway - since it would be blocked by the "block private addresses rule"  Do you not have that enabled?

  • When you have "Block Private Networks" checked (2.0.1) those do show up in the logs. That DHCP traffic can fill your logs in a matter of a couple of minutes…

    What I've done:

    Uncheck "Block Private Networks".

    Make 3 block rules...

    I have a client using the same cable service I am. I put them on pfsense 2.1 due to hardware support...  They do not see these in the logs. So either the cable modem does a better job of keeping them at the gate...  Or something has changed between 2.0.1 and 2.1  (Maybe someone who knows can comment)

  • The block private networks rule logs everything that matches it, so in instances like this you do have to disable that and create your own rule to do so without logging.

    Whether or not you see that kind of noise depends on what type of service you have, with business class service where you have a static IP, you shouldn't see any DHCP noise as the modem isn't a bridge in that case. With any kind of dynamic cable service, you most always will see that. I don't recall a dynamic cable service anywhere in the world where that wasn't the case, though it's possible some modems may filter out that noise. Nothing related to any of this has changed in years, 2.1 is the same as 2.0.x which is the same as going well back into the 1.x days in this regard.
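    The "before/after" described in this reply, written out as a pf.conf fragment. This is an added illustration, not pfSense's generated ruleset (pfSense builds its rules from the GUI settings); the interface macro and the port ranges used to match the DHCP chatter are assumptions.

    ```pf
    # Added example, not pfSense's own generated rules. $wan is an assumed
    # interface macro; adjust it to the real WAN interface name.
    wan = "em0"

    # Still needed: the firewall's own DHCP request leaves WAN here and creates
    # a state. The server's reply returns on that state, so it is never tested
    # against the block rules below. This is why blocking does not break DHCP.
    pass out quick on $wan inet proto udp from any port 68 to any port 67 keep state

    # BEFORE: what the "Block Private Networks" option amounts to. Every match
    # is logged, including the DHCP noise from other subscribers on the segment,
    # which is what fills the firewall log.
#   block drop in log quick on $wan inet \
#       from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } to any

    # AFTER: uncheck the option and replace it with your own rules.
    # 1) Drop the DHCP chatter first, with no "log" keyword, so it never
    #    reaches the log. Matching on UDP 67/68 in either direction is an
    #    assumption about what the noise looks like; tighten it to what
    #    your own log actually shows.
    block drop in quick on $wan inet proto udp \
        from any port 67:68 to any port 67:68

    # 2) Keep logging anything else that arrives from a private source,
    #    so genuine oddities on the WAN side are still visible.
    block drop in log quick on $wan inet \
        from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } to any
    ```

    Rule order matters because of "quick": the unlogged DHCP rule must sit above the logged private-network rules, otherwise the logged rule wins and the noise returns.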

  • you shouldn't see any DHCP noise as the modem isn't a bridge in that case.

    That depends on the cable company.  I have commercial service but still have a bridge only modem. I have 1 static IP. But also can get one more DHCP provided address…  (Wavebroadband)

    Comcast makes you run the gateway modems if you have static...  For their non static commercial customers you can now use a Motorola 6120  (I think that's the model)...

    I'm not familiar with any other companies...

  • LAYER 8 Global Moderator

    "The block private networks rule logs everything that matches it"

    Really – then why doesn't it show the little i next to it for being logged.  Or state that in the setting?  You can turn off logging of the default block rule.  So is it that this rule would log everything without a way to turn off the logging?
