5. IPv4 Link Local Blocked in 2.2

IPv4 Link Local Blocked in 2.2


  • I just upgraded my home box from 2.1.5 to 2.2-BETA (amd64) built on Fri Oct 24 12:17:25 CDT 2014.

    I have a MoCA adapter on my OPT1 interface which is dedicated to our two Verizon FiOS TV boxes.  The network created by the MoCA devices sends out constant link local broadcasts to the router and in 2.1.5 I would create firewall rules to allow this traffic on the OPT1 interface so the Firewall log is not flooded with blocks every 2 seconds.  I understand that IPv4 Link Local is blocked in 2.2 per https://redmine.pfsense.org/issues/2073.  I don't think the blocking creates any issues for the FiOS TV MoCA network but it has created the problem with the firewall log being flooded with the blocks.  Would it be acceptable to silently block the IPv4 traffic so it is not logged?  Is this something I can accomplish with settings or a rule?

    Sample of Firewall Log blocks:

    Oct 25 10:04:55 OPT1_TV     169.254.1.87:34174     169.254.1.255:5000 UDP
    Oct 25 10:04:54 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP
    Oct 25 10:04:50 OPT1_TV     169.254.1.246:21302     255.255.255.255:21302 UDP
    Oct 25 10:04:48 OPT1_TV     169.254.1.246:42691     169.254.1.255:5000 UDP
    Oct 25 10:04:44 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP
    Oct 25 10:04:39 OPT1_TV     169.254.1.246:21302     255.255.255.255:21302 UDP
    Oct 25 10:04:38 OPT1_TV     169.254.1.87:34174     169.254.1.255:5000 UDP
    Oct 25 10:04:34 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP
    Oct 25 10:04:33 OPT1_TV     169.254.1.246:42691     169.254.1.255:5000 UDP
    Oct 25 10:04:29 OPT1_TV     169.254.1.246:21302     255.255.255.255:21302 UDP
    Oct 25 10:04:24 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP
    Oct 25 10:04:23 OPT1_TV     169.254.1.87:34174     169.254.1.255:5000 UDP
    Oct 25 10:04:19 OPT1_TV     169.254.1.246:21302     255.255.255.255:21302 UDP
    Oct 25 10:04:17 OPT1_TV     169.254.1.246:42691     169.254.1.255:5000 UDP
    Oct 25 10:04:14 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP

    0
  • P

    That is controlled from Status->System Logs, Settings tab. Uncheck "Log packets matched from the default block rules put in the ruleset".
    That turns off all that sort of logging. (I checked in my /tmp/rules.debug and it does apply to the link-local block as well as other generic default block rules)
    If you want to log other default block rule/s then you just put actual block rules of your own at the end of your rule set with logging on for only the things you want to see logged.


    0

  • Thank you.  That works!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy