Multiple FORWARDFW Log Entries

Everything seems to be working as expected but I have thousands of FORWARDFW log entries, several every second.

How can I find why or where they are triggered and

Assuming they are normal how can I stop them logging

Thanks

Hi,

these are caused by a firewall rule allowing this kind of traffic (UDP to ports 53 and 123, or UDP in general), and having the “log” checkbox enabled. That way, permitted packets trigger a log entry every time.

Please have a look at the firewall ruleset of yours and disable logging for the matching rule. The FORWARDFW entries should be gone after you applied this change. :slight_smile:

Thanks, and best regards,
Peter Müller

2 Likes

Thanks Peter

I did have logging on a Firewall rule but it was a Drop Rule which didnt seem to match with FORWARDFW messages, but I removed the logging and as predicted those messages disappeared.

If I re-add logging to that rule and the messages appear again, so thats a solution.

However I now have no Firewall rules being logged but get regular DROP_INPUT messages in the Firewall Log (50-60 an hour) all referencing the mac address of my router and one of the 2 ip addresses on my Red network, but many varied high number ports like 52014, 7788, 9999 & 33472.

I have a couple of other Intrusion protection services running but I stop their logging and still receive these messages.

Can anyone suggest how I can determine what is causing these log entries

Thanks again

Tim