Everything seems to be working as expected but I have thousands of FORWARDFW log entries, several every second.
How can I find why or where they are triggered and
Assuming they are normal how can I stop them logging
Thanks
Everything seems to be working as expected but I have thousands of FORWARDFW log entries, several every second.
How can I find why or where they are triggered and
Assuming they are normal how can I stop them logging
Thanks
Hi,
these are caused by a firewall rule allowing this kind of traffic (UDP to ports 53 and 123, or UDP in general), and having the “log” checkbox enabled. That way, permitted packets trigger a log entry every time.
Please have a look at the firewall ruleset of yours and disable logging for the matching rule. The FORWARDFW entries should be gone after you applied this change.
Thanks, and best regards,
Peter MĂĽller
Thanks Peter
I did have logging on a Firewall rule but it was a Drop Rule which didnt seem to match with FORWARDFW messages, but I removed the logging and as predicted those messages disappeared.
If I re-add logging to that rule and the messages appear again, so thats a solution.
However I now have no Firewall rules being logged but get regular DROP_INPUT messages in the Firewall Log (50-60 an hour) all referencing the mac address of my router and one of the 2 ip addresses on my Red network, but many varied high number ports like 52014, 7788, 9999 & 33472.
I have a couple of other Intrusion protection services running but I stop their logging and still receive these messages.
Can anyone suggest how I can determine what is causing these log entries
Thanks again
Tim