I have just started using PfSense, and I am having trouble with something that should be easy.
Comcast's router is sending about 10 UDP packets to me each minute. I don't want to see these in the logs, but I do want to see the other things blocked by default rules.
The packet logs show:
Rule: Block private networks from WAN block 10/8 (1000001581)
So I set a Firewall Rule under WAN, to Reject from WAN using IP4 addresses, UDP packets. Source "WAN address", Source Port from 1900 to 1900, destination Any, port any-any.
I click on Save, then Apply Changes, but the firewall logs continue to show the default rule blocking these packets.
I can't seem to get this rule above the two default rules in the Wan rules list.
If anyone can help me figure this out, that would be much appreciated. I actually tried a few other rules with no luck. Thanks.
Firewall logs are meant to show rejected packets. If you don't want to see them in the log, why not filter them?
"Source "WAN address","
When would the source ever be pfsense wan address?
Looks to me like your behind a nat and you have pfsense blocking private networks on your wan, which your on - turn that off.
Then create a rule that say block, you sure and the hell would not want to reject - that is just going to cause more traffic. That you don't log with dest 18.104.22.168 port 1900 - this is multicast traffic. Or just turn it off on your comcast router.. Its most likely UPnP announcements, so just turn off UPnP on your comcast box that since your behind pfsense you have ZERO use for.