How to handle directed broadcasts?

mooh · October 07, 2025, 12:48:09 PM

In a network full of SMB devices, there's lot of IPv4 directed broadcasting to <network>.255:137, e.g. in 192.168.1.0/24 192.168.1.255:137. Is there a way to have a floating or firewall group rule to ignore such traffic?

Patrick M. Hausen · October 07, 2025, 12:49:01 PM

What do you mean by ignore? OPNsense is not listening on that port so it already does ignore it.

mooh · October 07, 2025, 01:08:05 PM

Ignore as in suppress in logs, etc. The general question being, is there a way to handle directed broadcasts other than on an interface basis.

Seimus · October 07, 2025, 01:13:16 PM

Broadcast is contained within the Broadcast domain w.g the specific /XY network or/and VLAN.

If you dont want to see the logs, create a specific <network>.255:137 block rule and turn of the logging on it.

Regards,
S.

mooh · October 07, 2025, 02:53:58 PM

Thanks for taking the time to respond.

I take it that such a rule cannot be written on a firewall group or floating rule level. So my question comes down to is there some sort of automatic variable that can used in a rule to fill in the <network> placeholder (ideally the broadcast bits as well)? Otherwise, that part of the interface configuration would be duplicated into the rule and create two places that need to be kept consistent without being obviously related. Same would be true for using an aliases for the directed broadcast addresses.

Seimus · October 07, 2025, 05:43:52 PM

You can create any rule you want as a floating or on Group.

The point is you need to cover all the Broadcast IPs of each respectable Broadcast domain e.g network.

Regards,
S.

How to handle directed broadcasts?

mooh

October 07, 2025, 12:48:09 PM

Patrick M. Hausen

October 07, 2025, 12:49:01 PM #1

mooh

October 07, 2025, 01:08:05 PM #2

Seimus

October 07, 2025, 01:13:16 PM #3

mooh

October 07, 2025, 02:53:58 PM #4

Seimus

October 07, 2025, 05:43:52 PM #5