Netgate Discussion Forum
    Block private & bogon networks

    Firewalling

    • bellera

      Hello!

      I have a 6 NIC box, with 3 LAN and 3 WAN. The options [Block private networks] & [Block bogon networks] appear only on the first WAN interface of pfSense.

      If I want to filter private & bogon networks at my 3 WAN …

      Must I define [Aliases] for private & bogon networks and put blocking rules at my 3 WAN?

      Is it correct?

      Note: I have a snort machine at the LAN side and sometimes it detects some packets from private & bogon networks.

      Regards,

      Josep Pujadas

      • Cry Havok

        I'd hope you're using "private" (RFC1918) addresses on your LAN, unless of course you've been allocated a netblock of your own…

        • bellera

          Yes, of course …

          But sometimes I see things like these:

          Generated by BASE v1.3.5 (marie) on Thu, 17 May 2007 20:58:05 +0200

          #1-59854| [2007-05-16 11:53:48] 10.2.44.1 -> 192.168.XXX.XXX [local/485] [snort/1:485]  ICMP Destination Unreachable Communication Administratively Prohibited
          #1-59855| [2007-05-16 11:53:51] 10.2.44.1 -> 192.168.XXX.XXX [local/485] [snort/1:485]  ICMP Destination Unreachable Communication Administratively Prohibited
          #1-59856| [2007-05-16 11:53:54] 10.2.44.1 -> 192.168.XXX.XXX [local/485] [snort/1:485]  ICMP Destination Unreachable Communication Administratively Prohibited
          #1-59858| [2007-05-16 11:53:57] 10.2.44.1 -> 192.168.XXX.XXX [local/485] [snort/1:485]  ICMP Destination Unreachable Communication Administratively Prohibited
          #1-59859| [2007-05-16 11:54:03] 10.2.44.1 -> 192.168.XXX.XXX [local/485] [snort/1:485]  ICMP Destination Unreachable Communication Administratively Prohibited
          #1-59861| [2007-05-16 11:54:15] 10.2.44.1 -> 192.168.XXX.XXX [local/485] [snort/1:485]  ICMP Destination Unreachable Communication Administratively Prohibited

          and if I run (with one of my FreeBSD servers at the LAN side):

          nmap -v -P0 10.2.44.1

          10.2.44.1 has no ports open but it is alive!!!

          Regards,

          Josep Pujadas

          • Cry Havok
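          The alert lines above are raw BASE output, which makes it hard to tell whether the private-source hits come from one upstream hop or from many sources. The following script is an added example (not from the thread or from pfSense/snort) that parses lines in that BASE/snort format, classifies each source address as RFC1918 private, bogon, or public, and groups the alerts by source. The alert text is a constructed copy of the lines quoted in the post, with the redacted destination replaced by a placeholder LAN host (192.168.1.10) and one extra link-local source added to exercise the bogon path; the bogon list is a fixed excerpt of well-known special-purpose IPv4 ranges, not the full, regularly updated list pfSense downloads.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample alerts in the BASE/snort format quoted in the thread. The
# redacted 192.168.XXX.XXX destination is replaced with a placeholder LAN host
# (assumption), and a link-local source line is added to exercise the bogon path.
SAMPLE_ALERTS = """\
#1-59854| [2007-05-16 11:53:48] 10.2.44.1 -> 192.168.1.10 [local/485] [snort/1:485]  ICMP Destination Unreachable Communication Administratively Prohibited
#1-59855| [2007-05-16 11:53:51] 10.2.44.1 -> 192.168.1.10 [local/485] [snort/1:485]  ICMP Destination Unreachable Communication Administratively Prohibited
#1-59856| [2007-05-16 11:53:54] 10.2.44.1 -> 192.168.1.10 [local/485] [snort/1:485]  ICMP Destination Unreachable Communication Administratively Prohibited
#1-60002| [2007-05-16 12:02:15] 169.254.3.9 -> 192.168.1.10 [local/485] [snort/1:485]  ICMP Destination Unreachable Communication Administratively Prohibited
"""

# RFC1918 private address space: the "private networks" the thread asks about.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Static excerpt of never-routable / special-purpose IPv4 space. The live bogon
# list pfSense uses is larger and changes over time; this subset is for
# illustration only.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "192.0.0.0/24", "192.0.2.0/24", "198.18.0.0/15", "198.51.100.0/24",
    "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4")]

# One BASE alert line: "#<id>| [<timestamp>] <src> -> <dst> [local/<n>] [snort/<gid>:<sid>]  <message>"
ALERT_RE = re.compile(
    r"^#(?P<id>[\d-]+)\| \[(?P<ts>[^\]]+)\] (?P<src>\S+) -> (?P<dst>\S+) "
    r"\[local/(?P<local>\d+)\] \[snort/(?P<gid>\d+):(?P<sid>\d+)\]\s+(?P<msg>.*)$")


def classify(addr: str) -> str:
    """Return 'private', 'bogon' or 'public' for an IPv4/IPv6 address string."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    # Anything in the static excerpt, or that Python itself does not consider
    # globally routable (loopback, link-local, reserved, ...), counts as bogon.
    if any(ip in net for net in BOGON_NETS) or not ip.is_global:
        return "bogon"
    return "public"


def parse_alert(line: str):
    """Parse one BASE-style alert line into a dict, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["src_class"] = classify(rec["src"])
    return rec


def summarize(text: str):
    """Group alerts by (source class, source address, message).

    Returns (counter, number_of_unparsed_nonblank_lines) so a truncated or
    garbled export is visible rather than silently dropped."""
    counts = Counter()
    skipped = 0
    for line in text.splitlines():
        rec = parse_alert(line)
        if rec is None:
            if line.strip():
                skipped += 1
            continue
        counts[(rec["src_class"], rec["src"], rec["msg"])] += 1
    return counts, skipped


if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE_ALERTS)
    for (cls, src, msg), n in sorted(counts.items(), key=lambda kv: -kv[1]):
        print(f"{n:3d}  {cls:8s} {src:16s} {msg}")
    print(f"unparsed lines: {skipped}")
```

          Grouping by source is the useful part: in the sample the three "Administratively Prohibited" hits all come from the single 10.2.44.1 address, which matches the pattern of one upstream hop answering with ICMP rather than many private sources reaching the LAN. The same classification can be reused when building the alias a WAN block rule would reference, by feeding the alias contents in place of the static lists here.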

            A number of ISPs use RFC1918 addresses internally - certainly my initial DHCP lease comes from a 10.x address and parts of my traceroute to the Internet go through various RFC1918 addresses. Also, many cable and ADSL modems have an RFC1918 configuration address.

            In short - I'm not surprised by what you're seeing.

            • bellera

              Ok!

              Thanks, Cry

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.