Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Firewall rule suddenly bocking broadcasts

    Scheduled Pinned Locked Moved Firewalling
    3 Posts 3 Posters 656 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      NOYB
      last edited by

      Firewall URL alias on LAN interface after about a week starts blocking broadcast (255.255.255.255)

      URL Alias containing https://www.Team-CYMRU.org/Services/Bogons/fullbogons-ipv4.txt
      with private address space 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 removed.

      LAN Rule
      src: any : any
      dst: Bogons_IPv4 : any
      action: Block & Log

      Had been working fine for months.  Now after about a week of uptime it starts  blocking src: 192.168.2.9 dst: 255.255.255.255.

      Reboot about a week ago fixed it, but now it's happening again.
      Any ideas why the rule would suddenly start blocking broadcasts?
      Any ideas for troubleshooting?

      Thanks

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        Ugh. There's /etc/bogons{,v6} integrated with pfSense updating and the private space removed. You can use that with pfBNG.

        Ideas for troubleshooting: Fix it yourself, noone knowns what you did.

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          my question would be why would you have bogon on a lan interface??  How many hits do get with your clients trying to go to bogon networks - that don't route on the internet anyway.. So how exactly would they get anywhere?  Only if they were on your isp would there be any chance of going to a bogon IP.

          There really is not point to blocking those on lan interface..

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.