5. IPv4 Link Local Blocked in 2.2

IPv4 Link Local Blocked in 2.2


  • I just upgraded my home box from 2.1.5 to 2.2-BETA (amd64) built on Fri Oct 24 12:17:25 CDT 2014.

    I have a MoCA adapter on my OPT1 interface which is dedicated to our two Verizon FiOS TV boxes.  The network created by the MoCA devices sends out constant link local broadcasts to the router and in 2.1.5 I would create firewall rules to allow this traffic on the OPT1 interface so the Firewall log is not flooded with blocks every 2 seconds.  I understand that IPv4 Link Local is blocked in 2.2 per https://redmine.pfsense.org/issues/2073.  I don't think the blocking creates any issues for the FiOS TV MoCA network but it has created the problem with the firewall log being flooded with the blocks.  Would it be acceptable to silently block the IPv4 traffic so it is not logged?  Is this something I can accomplish with settings or a rule?

    Sample of Firewall Log blocks:

    Oct 25 10:04:55 OPT1_TV     169.254.1.87:34174     169.254.1.255:5000 UDP
    Oct 25 10:04:54 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP
    Oct 25 10:04:50 OPT1_TV     169.254.1.246:21302     255.255.255.255:21302 UDP
    Oct 25 10:04:48 OPT1_TV     169.254.1.246:42691     169.254.1.255:5000 UDP
    Oct 25 10:04:44 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP
    Oct 25 10:04:39 OPT1_TV     169.254.1.246:21302     255.255.255.255:21302 UDP
    Oct 25 10:04:38 OPT1_TV     169.254.1.87:34174     169.254.1.255:5000 UDP
    Oct 25 10:04:34 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP
    Oct 25 10:04:33 OPT1_TV     169.254.1.246:42691     169.254.1.255:5000 UDP
    Oct 25 10:04:29 OPT1_TV     169.254.1.246:21302     255.255.255.255:21302 UDP
    Oct 25 10:04:24 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP
    Oct 25 10:04:23 OPT1_TV     169.254.1.87:34174     169.254.1.255:5000 UDP
    Oct 25 10:04:19 OPT1_TV     169.254.1.246:21302     255.255.255.255:21302 UDP
    Oct 25 10:04:17 OPT1_TV     169.254.1.246:42691     169.254.1.255:5000 UDP
    Oct 25 10:04:14 OPT1_TV     169.254.1.246:7500     169.254.1.255:7500 UDP

    0
  • P

    That is controlled from Status->System Logs, Settings tab. Uncheck "Log packets matched from the default block rules put in the ruleset".
    That turns off all that sort of logging. (I checked in my /tmp/rules.debug and it does apply to the link-local block as well as other generic default block rules)
    If you want to log other default block rule/s then you just put actual block rules of your own at the end of your rule set with logging on for only the things you want to see logged.


    0

  • Thank you.  That works!

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy