How to drop "255.255.255.255:67" from WAN logs?



  • Every 10 minutes or so I see the following in the logs. I recognize it's DHCP, and it can be ignored:

    block Mar 24 16:49:20 WAN 0.0.0.0:68 255.255.255.255:67 UDP

    However, I don't like it cluttering up the logs. I don't seem to be able to craft a rule to get rid of it though. This does not work:

    WAN

    • Block bogon networks
    • Block TCP/UDP any-addr any-port to 255.255.255.255 port 67-68, don't log

    It still keeps popping up in the logs.

    Is it the "bogon networks" rule that keeps making it appear in the logs?

    I'd rather not turn off the bogon networks rule, and not turn off the general option for "Log packets blocked by the default rule" either.


  • Rebel Alliance

    Just use the "Easy Rule" ;)



  • Rebel Alliance

    The "Bogons" table has:

    0.0.0.0/8
    100.64.0.0/10
    127.0.0.0/8
    169.254.0.0/16
    192.0.0.0/24
    192.0.2.0/24
    198.18.0.0/15
    198.51.100.0/24
    203.0.113.0/24
    224.0.0.0/4
    240.0.0.0/4

    If you create an Alias with those nets and create a rule with that Alias, you can get the same functionality as "Block bogon networks" without the "log noise".

    Edit: You can find out which FW rule triggers the log by clicking on the "X" in the "act" column.
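
Added example, not part of the original posts: a Python check of filter-log lines against the bogon prefixes listed above, to see which entries the bogon table itself would catch. It assumes the log layout of the line quoted in the question and that the bogon rule matches on the source address; the function names are hypothetical.

```python
import ipaddress
import re

# Bogon prefixes exactly as listed in the post above.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "192.0.0.0/24", "192.0.2.0/24", "198.18.0.0/15", "198.51.100.0/24",
    "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4",
)]

# Layout of the log line quoted in the question:
#   block Mar 24 16:49:20 WAN 0.0.0.0:68 255.255.255.255:67 UDP
LINE_RE = re.compile(
    r"^(?P<act>\w+)\s+(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+)\s+"
    r"(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+)\s+(?P<proto>\S+)\s*$"
)

def bogon_prefix(addr):
    """Return the bogon prefix that contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((str(net) for net in BOGONS if ip in net), None)

def classify(line):
    """Parse one log line and report whether its source is a bogon."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # not in the assumed layout
    return {
        "act": m["act"], "iface": m["iface"],
        "src": m["src"], "dst": m["dst"], "proto": m["proto"],
        # Assumption: the bogon rule is evaluated on the source address.
        "src_bogon": bogon_prefix(m["src"]),
        # DHCP client broadcast: UDP 68 -> 255.255.255.255:67
        "dhcp_broadcast": (m["proto"].upper() == "UDP"
                           and m["sport"] == "68" and m["dport"] == "67"
                           and m["dst"] == "255.255.255.255"),
    }

if __name__ == "__main__":
    samples = [
        "block Mar 24 16:49:20 WAN 0.0.0.0:68 255.255.255.255:67 UDP",  # from the question
        "block Mar 24 16:50:01 WAN 198.51.100.7:4444 203.0.113.9:22 TCP",  # constructed
        "block Mar 24 16:51:13 WAN 8.8.8.8:53 203.0.113.9:5353 UDP",  # constructed
    ]
    for s in samples:
        print(classify(s))
```
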



  • Okay, thanks, but as I understand it the bogons list auto-updates by itself.

    If a bogon list global update occurs, I won't know about it, apparently.

    I guess I'll just have to accept its presence in the logs.

