
    IPv4 Link Local Blocked in 2.2

    • cwagz

      I just upgraded my home box from 2.1.5 to 2.2-BETA (amd64) built on Fri Oct 24 12:17:25 CDT 2014.

      I have a MoCA adapter on my OPT1 interface which is dedicated to our two Verizon FiOS TV boxes.  The network created by the MoCA devices sends out constant link local broadcasts to the router and in 2.1.5 I would create firewall rules to allow this traffic on the OPT1 interface so the Firewall log is not flooded with blocks every 2 seconds.  I understand that IPv4 Link Local is blocked in 2.2 per https://redmine.pfsense.org/issues/2073.  I don't think the blocking creates any issues for the FiOS TV MoCA network but it has created the problem with the firewall log being flooded with the blocks.  Would it be acceptable to silently block the IPv4 traffic so it is not logged?  Is this something I can accomplish with settings or a rule?

      Sample of Firewall Log blocks:

      Oct 25 10:04:55 OPT1_TV     169.254.1.87:34174     169.254.1.255:5000 UDP
      Oct 25 10:04:54 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP
      Oct 25 10:04:50 OPT1_TV     169.254.1.246:21302     255.255.255.255:21302 UDP
      Oct 25 10:04:48 OPT1_TV     169.254.1.246:42691     169.254.1.255:5000 UDP
      Oct 25 10:04:44 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP
      Oct 25 10:04:39 OPT1_TV     169.254.1.246:21302     255.255.255.255:21302 UDP
      Oct 25 10:04:38 OPT1_TV     169.254.1.87:34174     169.254.1.255:5000 UDP
      Oct 25 10:04:34 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP
      Oct 25 10:04:33 OPT1_TV     169.254.1.246:42691     169.254.1.255:5000 UDP
      Oct 25 10:04:29 OPT1_TV     169.254.1.246:21302     255.255.255.255:21302 UDP
      Oct 25 10:04:24 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP
      Oct 25 10:04:23 OPT1_TV     169.254.1.87:34174     169.254.1.255:5000 UDP
      Oct 25 10:04:19 OPT1_TV     169.254.1.246:21302     255.255.255.255:21302 UDP
      Oct 25 10:04:17 OPT1_TV     169.254.1.246:42691     169.254.1.255:5000 UDP
      Oct 25 10:04:14 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP

      • phil.davis

        That is controlled from Status->System Logs, Settings tab. Uncheck "Log packets matched from the default block rules put in the ruleset".
        That turns off all that sort of logging. (I checked in my /tmp/rules.debug and it does apply to the link-local block as well as other generic default block rules)
        If you want to log other default block rule/s then you just put actual block rules of your own at the end of your rule set with logging on for only the things you want to see logged.


        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
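A way to confirm, before unchecking that setting, that the flood really is all link-local traffic and to see which other blocked entries would stop being logged along with it. This is an added example, not part of the thread; the parser assumes the column layout of the log sample in the first post, and the sample lines (including the non-link-local 192.0.2.10 entry) are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the layout of the firewall log excerpt in the first
# post; the last line is an invented non-link-local entry for contrast.
SAMPLE_LOG = """\
Oct 25 10:04:55 OPT1_TV     169.254.1.87:34174     169.254.1.255:5000 UDP
Oct 25 10:04:54 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP
Oct 25 10:04:50 OPT1_TV     169.254.1.246:21302     255.255.255.255:21302 UDP
Oct 25 10:04:48 OPT1_TV     169.254.1.246:42691     169.254.1.255:5000 UDP
Oct 25 10:04:44 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP
Oct 25 10:04:43 OPT1_TV     192.0.2.10:51515     198.51.100.7:23 TCP
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\S+)$"
)

def triage(log_text):
    """Return (noise, other): link-local flows counted, and all other raw lines."""
    noise, other = Counter(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or unparseable line
        if ipaddress.ip_address(m["src"]).is_link_local:  # 169.254.0.0/16
            # Group by destination port; source ports vary per sender.
            key = (m["iface"], m["src"], m["dst"], int(m["dport"]), m["proto"])
            noise[key] += 1
        else:
            other.append(line)
    return noise, other

if __name__ == "__main__":
    noise, other = triage(SAMPLE_LOG)
    print("link-local flows (count, flow):")
    for flow, count in noise.most_common():
        print(" ", count, flow)
    print("other blocked entries that would also stop being logged:")
    for line in other:
        print(" ", line)
```

Anything listed under the second heading is what to cover with your own logging block rules at the end of the rule set, as described in the reply above.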

        • cwagz

          Thank you.  That works!
