    Newb Question
    3 Posts 3 Posters 1.3k Views
      FletcherV

I have just started using pfSense, and I am having trouble with something that should be easy.

      Comcast's router is sending about 10 UDP packets to me each minute. I don't want to see these in the logs, but I do want to see the other things blocked by default rules.

The packet logs show:
If:     WAN
Rule:   Block private networks from WAN block 10/8 (1000001581)
Source: 10.0.0.1:1900
Dest:   239.255.255.250:1900
Type:   UDP

So I set a Firewall Rule under WAN, to Reject from WAN using IPv4 addresses, UDP packets. Source "WAN address", Source Port from 1900 to 1900, destination Any, port any-any.

      I click on Save, then Apply Changes, but the firewall logs continue to show the default rule blocking these packets.

I can't seem to get this rule above the two default rules in the WAN rules list.

      If anyone can help me figure this out, that would be much appreciated. I actually tried a few other rules with no luck. Thanks.

        muswellhillbilly

        Firewall logs are meant to show rejected packets. If you don't want to see them in the log, why not filter them?

          johnpoz LAYER 8 Global Moderator

"Source "WAN address""

When would the source ever be the pfSense WAN address?

Looks to me like you're behind a NAT and you have pfSense blocking private networks on your WAN, which you're on - turn that off.

Then create a rule that says block; you sure as hell would not want to reject - that is just going to cause more traffic. One that you don't log, with dest 239.255.255.250 port 1900 - this is multicast traffic. Or just turn it off on your Comcast router. It's most likely UPnP announcements, so just turn off UPnP on your Comcast box, which, since you're behind pfSense, you have ZERO use for.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1
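As an added illustration of the point made in this thread (example code, not pfSense's own rule engine): a toy first-match evaluator over the packet from the question's log. It assumes a constructed pfSense WAN address of 10.0.0.5 on the Comcast router's LAN, models pfSense user rules as "quick" rules where the first match wins, and ends the list with a logged default deny as pfSense does by default. It shows why a rule with source "WAN address" never matches the SSDP packet (the source is the Comcast router, 10.0.0.1, not pfSense), why the built-in "block private networks" rule is what keeps logging it, and how a non-logging block rule on destination 239.255.255.250:1900 suppresses just those entries while unrelated traffic still hits the logged default deny. The `responds` flag marks the difference between block and reject that the reply warns about.

```python
# Added example (not pfSense code): a toy first-match evaluator that shows why
# the rule described in the question never catches the SSDP packets, and what
# the suggested "block, don't log" rule does instead. pfSense user rules are
# "quick" rules, so the first matching rule wins; that is the model used here.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed pfSense WAN address on the Comcast router's LAN (constructed value).
WAN_ADDRESS = ip_address("10.0.0.5")


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "pass", "block" or "reject"
    log: bool = True
    proto: Optional[str] = None      # None matches any protocol
    src: Optional[str] = None        # CIDR, or "WAN address" (pfSense alias)
    sport: Optional[int] = None
    dst: Optional[str] = None        # CIDR
    dport: Optional[int] = None

    def _addr_ok(self, spec, addr):
        if spec is None:
            return True
        if spec == "WAN address":
            return ip_address(addr) == WAN_ADDRESS
        return ip_address(addr) in ip_network(spec)

    def matches(self, pkt: Packet) -> bool:
        return (
            (self.proto is None or self.proto == pkt.proto)
            and self._addr_ok(self.src, pkt.src)
            and (self.sport is None or self.sport == pkt.sport)
            and self._addr_ok(self.dst, pkt.dst)
            and (self.dport is None or self.dport == pkt.dport)
        )


# Implicit last rule: pfSense's default deny on WAN, logged by default.
DEFAULT_DENY = Rule("Default deny rule IPv4", "block", log=True)


def evaluate(rules, pkt: Packet) -> dict:
    """First match wins. 'reject' additionally sends an ICMP unreachable or a
    TCP RST back to the source, which is why it generates more traffic than a
    plain 'block'; that is modelled by the 'responds' flag."""
    for rule in list(rules) + [DEFAULT_DENY]:
        if rule.matches(pkt):
            return {
                "rule": rule.name,
                "action": rule.action,
                "logged": rule.log,
                "responds": rule.action == "reject",
            }
    raise AssertionError("unreachable: DEFAULT_DENY matches everything")


# The packet from the firewall log in the question.
SSDP = Packet("udp", "10.0.0.1", 1900, "239.255.255.250", 1900)

# The rule list as described in the question: a reject rule with source
# "WAN address", followed by the built-in "block private networks" rule.
AS_CONFIGURED = [
    Rule("Reject SSDP", "reject", proto="udp", src="WAN address", sport=1900),
    Rule("Block private networks from WAN block 10/8", "block", src="10.0.0.0/8"),
]

# The rule list after the advice: private-network blocking turned off, and a
# non-logging block rule for the multicast destination placed first.
AS_ADVISED = [
    Rule("Block SSDP multicast, no log", "block", log=False, proto="udp",
         dst="239.255.255.250/32", dport=1900),
]

if __name__ == "__main__":
    print(evaluate(AS_CONFIGURED, SSDP))   # blocked by the 10/8 rule, logged
    print(evaluate(AS_ADVISED, SSDP))      # blocked by the new rule, not logged
```

Running it prints the verdict for each rule list: under the configuration from the question the packet falls through to "Block private networks from WAN block 10/8" and is logged; under the advised list it is silently dropped by the first rule, while any other unsolicited packet still reaches the logged default deny, which is the behaviour the question asked for.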

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.