UDP blocked on WAN ?



  • Hello everyone,

    I don't understand why, but it seems that by default some UDP packets are dropped by the firewall:

    block/1000000103
    Mar 21 20:34:44	WAN	120.24.76.167:2837	MON_IP_WAN:50905	UDP
    block/1000000103
    Mar 21 20:34:44	WAN	115.29.178.199:3437	MON_IP_WAN:37909	UDP
    block/1000000103
    Mar 21 20:34:44	WAN	50.7.44.82:30658	MON_IP_WAN:40430	UDP
    block/1000000103
    Mar 21 20:34:04	WAN	120.24.76.167:2837	MON_IP_WAN:50905	UDP

    Does someone have an explanation?

    It seems some rules go OK when the traffic is routed to my LAN IP, but when it's only routed to my WAN_IP it's blocked …
    It never happens with TCP, only with UDP.

    Here is my release:
    2.2.6-RELEASE (amd64)
    built on Mon Dec 21 14:50:08 CST 2015
    FreeBSD 10.1-RELEASE-p25



  • Those are likely from the default block rule, which basically drops the packets because there is no state for them.

    By definition TCP has state; the pf code creates state for UDP traffic that it knows about (originated from your LAN or from the pfSense box itself).


  • LAYER 8 Global Moderator

    So you're seeing NOISE and wondering why it's blocked?? Yeah, there is a lot of UDP noise on the internet.. If you don't want to see it, then turn off your default block. If you're just interested in TCP, then create your own rule that logs TCP. I just log TCP SYN packets to my WAN IP..



  • @johnpoz:

    So you're seeing NOISE and wondering why it's blocked?? Yeah, there is a lot of UDP noise on the internet.. If you don't want to see it, then turn off your default block. If you're just interested in TCP, then create your own rule that logs TCP. I just log TCP SYN packets to my WAN IP..

    How do I do it?



  • From the web interface: Status, System Logs, Settings. Look for the section "Log Firewall Default Blocks" and uncheck whatever is checked, then click the Save button at the bottom. That will turn off logging for the default block rules.
    The other part: Firewall, Rules. Add one for whatever interface you want, or Floating, check "Log packets handled by this rule", scroll down further to the Advanced Features, TCP flags, and click on SYN in the Set row.
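To make the two answers above concrete (pf creating state only for UDP traffic it has seen leave, and the default-block logging toggle in the log settings), here is a small Python model of that stateful behaviour. It is an illustration added to this thread, not pfSense or pf code: the rule id 1000000103 and the MON_IP_WAN placeholder come from the log lines in the first post, the LAN host, external resolver and timestamps are constructed, and outbound NAT is reduced to the query already carrying the WAN address as its source.

```python
"""Toy stateful packet filter modelled on the pf behaviour described in this thread.

Added illustration, not pfSense's own code. Outbound packets create a state entry
for the expected reply; an inbound WAN packet passes only if it matches an entry.
Everything else hits the default block rule, which is written to the log only
while default-block logging is enabled (the Status > System Logs > Settings toggle).
"""
from dataclasses import dataclass

DEFAULT_BLOCK_RULE = "1000000103"   # rule id taken from the log lines in the first post
WAN_IP = "MON_IP_WAN"               # placeholder the poster used for the WAN address
DNS_SERVER = "198.51.100.53"        # constructed external resolver (documentation range)
SCANNER = "120.24.76.167"           # source of one of the blocked packets in the thread


@dataclass
class Packet:
    ts: str
    direction: str    # "in" = arrived on WAN, "out" = left via WAN from the LAN or the box itself
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "UDP"


class StatefulFilter:
    def __init__(self, log_default_blocks=True):
        self.log_default_blocks = log_default_blocks
        self.states = set()   # 5-tuples of the replies we expect to see on WAN
        self.log = []         # entries in the same layout as the thread's log excerpt

    def handle(self, pkt):
        if pkt.direction == "out":
            # Outbound traffic creates state keyed on the reply direction
            # (outbound NAT is simplified: pkt.src is already the WAN address).
            self.states.add((pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto))
            return "pass"
        if (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto) in self.states:
            return "pass"   # reply to something we sent
        # No state: the default block rule applies, logged only if enabled.
        if self.log_default_blocks:
            self.log.append(
                f"block/{DEFAULT_BLOCK_RULE}\n"
                f"{pkt.ts}\tWAN\t{pkt.src}:{pkt.sport}\t{pkt.dst}:{pkt.dport}\t{pkt.proto}"
            )
        return "block"


def run_demo():
    """Walk through the cases discussed in the thread; returns (verdicts, log)."""
    fw = StatefulFilter(log_default_blocks=True)
    results = {}

    # 1. Unsolicited UDP from the internet: no state, so the default block rule hits.
    noise = Packet("Mar 21 20:34:44", "in", SCANNER, 2837, WAN_IP, 50905)
    results["unsolicited_udp"] = fw.handle(noise)

    # 2. A DNS query leaving via WAN creates state; the matching reply is passed.
    query = Packet("Mar 21 20:35:00", "out", WAN_IP, 40001, DNS_SERVER, 53)
    results["outbound_query"] = fw.handle(query)
    reply = Packet("Mar 21 20:35:00", "in", DNS_SERVER, 53, WAN_IP, 40001)
    results["matching_reply"] = fw.handle(reply)

    # 3. Same server, wrong destination port: the 5-tuple does not match any state.
    stray = Packet("Mar 21 20:35:01", "in", DNS_SERVER, 53, WAN_IP, 40002)
    results["non_matching_reply"] = fw.handle(stray)
    results["logged_blocks"] = len(fw.log)

    # 4. Logging of default blocks switched off: still blocked, just not in the log.
    quiet = StatefulFilter(log_default_blocks=False)
    results["unsolicited_udp_quiet"] = quiet.handle(noise)
    results["quiet_logged_blocks"] = len(quiet.log)
    return results, fw.log


if __name__ == "__main__":
    verdicts, log = run_demo()
    for name, verdict in verdicts.items():
        print(f"{name}: {verdict}")
    print("\n".join(log))
```

Unsolicited UDP is dropped in both configurations; the GUI setting only decides whether the drop is written to the firewall log, which is the "noise" the thread is about.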



  • I use a Zyxel 2XW, and in the Firewall screen I pick the packet direction as WAN to WAN and block all TCP/UDP ports from 1-65535. Log the hits and see what happens to your log file. It will fill up quickly.


  • LAYER 8 Global Moderator

    ^ What???  Did you read the thread?

