In a network full of SMB devices, there's a lot of IPv4 directed broadcasting to <network>.255:137, e.g. in 192.168.1.0/24 to 192.168.1.255:137. Is there a way to have a floating or firewall group rule to ignore such traffic?
What do you mean by ignore? OPNsense is not listening on that port so it already does ignore it.
Ignore as in suppress in logs, etc. The general question being, is there a way to handle directed broadcasts other than on an interface basis.
Broadcast is contained within the broadcast domain, e.g. the specific /XY network and/or VLAN.
If you don't want to see the logs, create a specific <network>.255:137 block rule and turn off the logging on it.
Regards,
S.
Thanks for taking the time to respond.
I take it that such a rule cannot be written on a firewall group or floating rule level. So my question comes down to: is there some sort of automatic variable that can be used in a rule to fill in the <network> placeholder (ideally the broadcast bits as well)? Otherwise, that part of the interface configuration would be duplicated into the rule and create two places that need to be kept consistent without being obviously related. The same would be true for using an alias for the directed broadcast addresses.
You can create any rule you want as a floating rule or on a group.
The point is you need to cover all the broadcast IPs of each respective broadcast domain, e.g. network.
Regards,
S.
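The thread above leaves the poster to list every directed-broadcast address by hand for an alias. As an added example (not from the thread or from OPNsense itself), the script below derives those addresses from a list of interface networks and shows which flows a non-logged udp/137 block rule on such an alias would match; the interface networks and the sample flows are constructed, and the assumption is one entry per interface or VLAN.

```python
"""Derive directed-broadcast addresses for a firewall alias and sort sample
flows into those a udp/137 block rule on that alias would match.
Added example, not part of the original thread or of OPNsense."""
import ipaddress

# Constructed list of interface/VLAN networks (assumption: one per interface).
INTERFACE_NETWORKS = ["192.168.1.0/24", "10.10.20.0/23", "172.16.5.64/26"]

NETBIOS_NS_PORT = 137  # NetBIOS name service, the port seen in the thread


def directed_broadcasts(networks):
    """Return the directed-broadcast address of each IPv4 network.
    These are the entries an alias for the unlogged block rule would hold,
    so they are derived from the interface list rather than typed twice."""
    result = set()
    for net in networks:
        network = ipaddress.ip_network(net, strict=True)
        # IPv6 has no broadcast; /31 and /32 have no usable broadcast either.
        if network.version != 4 or network.prefixlen >= 31:
            continue
        result.add(str(network.broadcast_address))
    return result


def is_directed_broadcast_netbios(dst_ip, dst_port, networks):
    """True when the destination is a known directed broadcast on udp/137."""
    return dst_port == NETBIOS_NS_PORT and dst_ip in directed_broadcasts(networks)


# Constructed (src, dst, dport) tuples in the spirit of firewall log entries.
SAMPLE_FLOWS = [
    ("192.168.1.23", "192.168.1.255", 137),  # directed broadcast, known net
    ("10.10.20.9", "10.10.21.255", 137),     # broadcast of the /23
    ("192.168.1.23", "192.168.1.255", 445),  # same address, different port
    ("192.168.1.23", "192.168.2.255", 137),  # broadcast of an unknown net
]


def split_flows(flows, networks):
    """Separate noise the rule would match (and not log) from everything else."""
    suppressed = [f for f in flows
                  if is_directed_broadcast_netbios(f[1], f[2], networks)]
    kept = [f for f in flows if f not in suppressed]
    return suppressed, kept


if __name__ == "__main__":
    for addr in sorted(directed_broadcasts(INTERFACE_NETWORKS)):
        print("alias entry:", addr)
    sup, kept = split_flows(SAMPLE_FLOWS, INTERFACE_NETWORKS)
    print("suppressed:", len(sup), "kept:", len(kept))
```

Flows to a broadcast address of a network not on the interface list stay visible, which is the check worth keeping when the alias and the interface list drift apart.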