"Easy Rule:Add to block list" (Hosts blocked from Firewall Log view)
-
Hi Guys,
I switched provider and now I have a cable modem (in bridge mode).
But the cable network has the nasty habit that bootp/DHCP requests from others hit the WAN port,
so soon the log gets hundreds of these a day: WAN 10.215.0.1:67 > 255.255.255.255:68 UDP
Since pfSense is a good firewall, it said "what is this private address doing on my WAN port" and filled the logs.
So far so good, but when I said hmm ok, thanks for the warning and hit the: "Easy Rule:Add to block list" (Hosts blocked from Firewall Log view)
They still show up in the logs and I think the cause is:
That the Easy rule gets added after the standard rule (block RFC-1918 networks) that is not moveable.
I fixed it with a workaround, but thought I should mention this,
Keep up the good work guys and thanks for pfSense!
BTW: "Easy Rule:Add to block list" (Hosts blocked from Firewall Log view)
does that mean they are still blocked and don't show up in the logs …?
-
They're hitting the block private networks rule before any rule you make yourself.
Disable block private networks, make your own equivalent rule without log set. (Make an alias for 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, then block any protocol in on WAN from that source to any.)
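
The rule-ordering behaviour discussed in this thread, as an added example that is not part of the original posts and is not pfSense code: a simplified first-match model of the WAN rules, run against the source address from the log line in the question. The `Rule` class, the rule names and the assumption that the Easy Rule entry itself does not log are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# The three private ranges named in the reply (the contents of the alias).
RFC1918 = ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]

@dataclass
class Rule:
    """Hypothetical, simplified block rule: a name, source networks, a log flag."""
    name: str
    sources: list
    log: bool

    def matches(self, src: str) -> bool:
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(net) for net in self.sources)

def evaluate(rules, src):
    """Return (rule name, logged) for the first rule that matches src.

    Rules are checked top to bottom and the first match wins, so a later
    rule for the same source is never reached. (None, False) means no
    block rule in this model matched.
    """
    for rule in rules:
        if rule.matches(src):
            return rule.name, rule.log
    return None, False

# Situation in the question: the built-in rule sits above the user's rule
# and logs, so the Easy Rule entry never sees the packet.
BEFORE = [
    Rule("block private networks (built-in)", RFC1918, log=True),
    Rule("Easy Rule block list", ["10.215.0.1/32"], log=False),  # assumed no log
]

# Situation after the reply's fix: built-in rule disabled, replaced by an
# equivalent alias-based block rule with logging turned off.
AFTER = [
    Rule("block RFC1918 alias on WAN", RFC1918, log=False),
]

if __name__ == "__main__":
    src = "10.215.0.1"  # source address from the log line in the question
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        name, logged = evaluate(rules, src)
        print(f"{label}: matched {name!r}, log entry written: {logged}")
```
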