23.7 Legacy Series / [SOLVED] OPNsense is logging many deny entries internally
« on: January 02, 2024, 03:57:29 am »
I'm noticing many log entries denying traffic between my Home Assistant VM (192.168.86.26) and Google Home Mini devices (192.168.84.110 and 192.168.84.100):
<134>1 2024-01-01T21:34:46-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283486"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,4470,0,DF,6,tcp,180,192.168.86.26,192.168.84.110,38328,8009,128,PA,2383448238:2383448366,1396268932,501,,nop;nop;TS
<134>1 2024-01-01T21:34:46-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283487"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,4471,0,DF,6,tcp,180,192.168.86.26,192.168.84.110,38328,8009,128,PA,2383448238:2383448366,1396268932,501,,nop;nop;TS
<134>1 2024-01-01T21:34:47-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283488"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,4472,0,DF,6,tcp,180,192.168.86.26,192.168.84.110,38328,8009,128,PA,2383448238:2383448366,1396268932,501,,nop;nop;TS
<134>1 2024-01-01T21:34:47-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283490"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,4473,0,DF,6,tcp,180,192.168.86.26,192.168.84.110,38328,8009,128,PA,2383448238:2383448366,1396268932,501,,nop;nop;TS
<134>1 2024-01-01T21:34:48-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283491"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,4474,0,DF,6,tcp,180,192.168.86.26,192.168.84.110,38328,8009,128,PA,2383448238:2383448366,1396268932,501,,nop;nop;TS
<134>1 2024-01-01T21:34:50-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283494"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,4475,0,DF,6,tcp,180,192.168.86.26,192.168.84.110,38328,8009,128,PA,2383448238:2383448366,1396268932,501,,nop;nop;TS
<134>1 2024-01-01T21:34:53-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283506"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,4476,0,DF,6,tcp,180,192.168.86.26,192.168.84.110,38328,8009,128,PA,2383448238:2383448366,1396268932,501,,nop;nop;TS
<134>1 2024-01-01T21:34:56-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283512"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,4477,0,DF,6,tcp,307,192.168.86.26,192.168.84.110,38328,8009,255,FPA,2383448366:2383448621,1396268932,501,,nop;nop;TS
<134>1 2024-01-01T21:34:59-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283529"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,4478,0,DF,6,tcp,435,192.168.86.26,192.168.84.110,38328,8009,383,FPA,2383448238:2383448621,1396268932,501,,nop;nop;TS
<134>1 2024-01-01T21:35:12-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283612"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,4479,0,DF,6,tcp,435,192.168.86.26,192.168.84.110,38328,8009,383,FPA,2383448238:2383448621,1396268932,501,,nop;nop;TS
<134>1 2024-01-01T21:35:21-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283643"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,4480,0,DF,6,tcp,52,192.168.86.26,192.168.84.110,38328,8009,0,A,,1396268932,501,,nop;nop;TS
<134>1 2024-01-01T21:35:39-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283674"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,4481,0,DF,6,tcp,435,192.168.86.26,192.168.84.110,38328,8009,383,FPA,2383448238:2383448621,1396268932,501,,nop;nop;TS
<134>1 2024-01-01T21:36:07-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283725"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,4482,0,DF,6,tcp,52,192.168.86.26,192.168.84.110,38328,8009,0,A,,1396268932,501,,nop;nop;TS
<134>1 2024-01-01T21:36:11-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283732"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,40,192.168.86.26,192.168.84.100,42176,8009,0,R,1183885780,,0,,
<134>1 2024-01-01T21:36:51-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283859"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,40,192.168.86.26,192.168.84.110,38328,8009,0,R,2383448238,,0,,
<134>1 2024-01-01T21:37:36-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283965"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,40,192.168.86.26,192.168.84.110,38328,8009,0,R,2383448238,,0,,
<134>1 2024-01-01T21:38:13-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="284062"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,40,192.168.86.26,192.168.84.100,42176,8009,0,R,1183885780,,0,,
<134>1 2024-01-01T21:38:22-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="284095"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,40,192.168.86.26,192.168.84.110,38328,8009,0,R,2383448238,,0,,
<134>1 2024-01-01T21:39:06-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="284217"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,40,192.168.86.26,192.168.84.110,38328,8009,0,R,2383448238,,0,,
<134>1 2024-01-01T21:39:52-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="284308"] 7,,,02f4bab031b57d1e30553ce08e0ec131,igc0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,40,192.168.86.26,192.168.84.110,38328,8009,0,R,2383448238,,0,,
The number of related log entries is in the thousands in just the last couple of days. I am not sure what's causing this; moreover, it's making it a bit difficult to analyze the logs for blocked traffic.
Do you know what's causing this traffic to be blocked? If this is something that can be ignored, is it possible to prevent the rule from triggering and/or logging?
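One way to triage entries like the ones posted above (an added example, not part of the original post and not OPNsense code): parse the filterlog CSV payload, group blocked TCP packets by flow and rule label, and separate SYN packets (new connection attempts) from non-SYN packets (mid-stream traffic for which the firewall held no matching state). The field positions are those of the IPv4/TCP lines in the post; `parse`, `summarize` and the one constructed sample line are assumptions made for the illustration.

```python
import collections

# Rule label and field layout as seen in the post's IPv4/TCP filterlog lines.
RID = "02f4bab031b57d1e30553ce08e0ec131"
F = {"rid": 3, "action": 6, "ipver": 8, "proto": 16,
     "src": 18, "dst": 19, "sport": 20, "dport": 21, "flags": 23}

HDR = '<134>1 2024-01-01T21:34:46-05:00 OPNsense.lan filterlog 69404 - [meta sequenceId="283486"] '
PRE = "7,,," + RID + ",igc0,match,block,in,4,0x0,,64,"
SAMPLE = [
    # Three lines taken from the post (the first with its syslog header).
    HDR + PRE + "4470,0,DF,6,tcp,180,192.168.86.26,192.168.84.110,38328,8009,128,PA,2383448238:2383448366,1396268932,501,,nop;nop;TS",
    PRE + "4480,0,DF,6,tcp,52,192.168.86.26,192.168.84.110,38328,8009,0,A,,1396268932,501,,nop;nop;TS",
    PRE + "0,0,DF,6,tcp,40,192.168.86.26,192.168.84.100,42176,8009,0,R,1183885780,,0,,",
    # Constructed line (not from the post): a blocked SYN, for contrast.
    PRE + "1,0,DF,6,tcp,60,192.168.86.50,192.168.84.110,50000,8009,0,S,1000,,64240,,mss",
]

def parse(line):
    """Return the fields of interest for an IPv4 TCP filterlog line, else None."""
    payload = line.rsplit("] ", 1)[-1]      # drop the syslog header if present
    f = payload.strip().split(",")
    if len(f) <= F["flags"] or f[F["ipver"]] != "4" or f[F["proto"]] != "tcp":
        return None
    return {name: f[idx] for name, idx in F.items()}

def summarize(lines):
    """Count blocked TCP packets per (src, dst, dport, rule label),
    split into SYN and non-SYN, and collect the flag combinations seen."""
    flows = collections.defaultdict(
        lambda: {"syn": 0, "non_syn": 0, "flags": set()})
    for line in lines:
        rec = parse(line)
        if rec is None or rec["action"] != "block":
            continue
        key = (rec["src"], rec["dst"], rec["dport"], rec["rid"])
        flows[key]["syn" if "S" in rec["flags"] else "non_syn"] += 1
        flows[key]["flags"].add(rec["flags"])
    return dict(flows)

if __name__ == "__main__":
    for key, stats in sorted(summarize(SAMPLE).items()):
        print(key[:3], stats["syn"], stats["non_syn"], sorted(stats["flags"]))
```

A flow whose blocked packets are all non-SYN (PA, FPA, A, R) is an already-established conversation being dropped, not a new connection being refused.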