Hello guys,
I've been messing with my setup these past days and I've also enabled the log for the drop all else in input chain for my firewall. It logs some packets being dropped that look strange to me. There are two types, one that are "In interface WAN1" coming from 3 or 4 different src MAC addresses. My guess is that this could be something related to the ISP equipment (dhcp or something). These are in the form of
Code:
input: in:ether1-WAN1 out:(unknown 0), connection-state:new src-mac 64:x:x:x:x:x, proto UDP, 0.0.0.0:68->255.255.255.255:67, len 328
The ones I'm a bit more concerned about are coming from different IPs (USA, China, Germany, Netherlands) and are directed to my public IP (different ports) in the pppoe interface (also on WAN1). When I check the IPs, at least for the ones I did, it seems to be Usage Type: Data Center/Web Hosting/Transit. These logs are in the form of:
Code:
input: in:pppoe-out1 out:(unknown 0), connection-state:new proto TCP (SYN), 184.x.x.x:48090->my public ip
When I activate my backup connection (different ISP with also public address) there are no logs at all. Could you help me identify these dropped packets coming in WAN? For the last 2 days there are 130k packets dropped with 29.3 MiB. Is this even a concern and should I do anything in addition as prevention (blacklist or something)?
Statistics: Posted by draid — Fri Jan 05, 2024 6:24 pm
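An added example, not part of the original post: a small triage script that sorts input-chain drop lines of the two shapes quoted above into DHCP client broadcasts and unsolicited TCP SYNs, and lists which destination ports each source probed. The sample lines are constructed (documentation-range addresses, made-up MACs), and the `dst:port, len N` tail on the TCP lines is an assumption because the post's second log line is redacted.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in the post. Addresses are
# documentation ranges; the "dst:port, len N" tail on TCP lines is assumed.
SAMPLE_LOG = """\
input: in:ether1-WAN1 out:(unknown 0), connection-state:new src-mac 02:00:00:aa:bb:01, proto UDP, 0.0.0.0:68->255.255.255.255:67, len 328
input: in:ether1-WAN1 out:(unknown 0), connection-state:new src-mac 02:00:00:aa:bb:02, proto UDP, 0.0.0.0:68->255.255.255.255:67, len 328
input: in:pppoe-out1 out:(unknown 0), connection-state:new proto TCP (SYN), 198.51.100.7:48090->203.0.113.10:23, len 40
input: in:pppoe-out1 out:(unknown 0), connection-state:new proto TCP (SYN), 198.51.100.7:48091->203.0.113.10:8080, len 40
input: in:pppoe-out1 out:(unknown 0), connection-state:new proto TCP (SYN), 192.0.2.55:51000->203.0.113.10:22, len 44
"""

LINE_RE = re.compile(
    r"in:(?P<iface>\S+) .*?proto (?P<proto>\w+)(?: \((?P<flags>[^)]*)\))?, "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)"
)

def classify(line):
    """Return (category, fields) for one firewall log line."""
    m = LINE_RE.search(line)
    if not m:
        return "unparsed", None  # e.g. redacted or truncated lines
    f = m.groupdict()
    # A host with no address yet (0.0.0.0:68) broadcasting to any DHCP server (:67).
    if (f["proto"] == "UDP" and f["src"] == "0.0.0.0" and f["sport"] == "68"
            and f["dst"] == "255.255.255.255" and f["dport"] == "67"):
        return "dhcp-client-broadcast", f
    # A new inbound connection attempt nobody on the LAN asked for.
    if f["proto"] == "TCP" and f["flags"] == "SYN":
        return "unsolicited-tcp-syn", f
    return "other", f

def summarize(log_text):
    """Count lines per category and collect probed ports per SYN source."""
    kinds, ports_by_src = Counter(), {}
    for line in log_text.splitlines():
        kind, f = classify(line)
        kinds[kind] += 1
        if kind == "unsolicited-tcp-syn":
            ports_by_src.setdefault(f["src"], set()).add(int(f["dport"]))
    return kinds, ports_by_src

if __name__ == "__main__":
    kinds, ports = summarize(SAMPLE_LOG)
    print(dict(kinds))
    for src, dports in sorted(ports.items()):
        print(src, sorted(dports))
```
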