Topic: Blocked broadcasts show in logs...why?
« on: May 13, 2009, 11:30:04 »
Seb74 ***
Posts: 115

If a host in 192.168.3.0/28 sends UDP traffic to 192.168.3.15:137, that is indeed traffic not destined for other networks... it's a local subnet broadcast, and routers block broadcasts. I guess Windows always does it at boot to check for a NetBIOS nameserver, or just other hosts, or however that works; I don't remember the different node types right now.

Anyway, that traffic shows up in my firewall logs, at least when I have logging turned on in the last default block all rule.

Could you say it shouldn't really belong there... I mean, it's default routing behaviour and has nothing to do with that particular "block all rule"... you could as well have had a final "allow all" rule and this traffic would still be blocked 'cause that's how routers work... right?

Just wondering if I'm thinking all wrong here or not. I don't mind it showing there, it's just a thought that crossed my mind (and probably never should have lol).
« Reply #1 on: May 13, 2009, 15:47:48 »
Fred Grayson *****
Posts: 994

Add a rule (or rules for all that NetBIOS trash) just above the drop all rule and make sure logging is disabled for this rule. Then these packets will be caught by this rule invisibly and you can do what you want with the logging for the drop all rule.

--
Google is your friend and Bob's your uncle.
« Reply #2 on: May 13, 2009, 16:16:23 »
Seb74 ***
Posts: 115

Thanks, but you missed my intention I think.
I don't mind, I just wonder if my reasoning was correct.
Only theoretically, I don't need anything fixed.
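
The distinction discussed in this thread, as an added example that is not part of any post: a log triage that separates blocked packets addressed to the local subnet broadcast (such as the 192.168.3.15:137 case) from other blocked traffic. The log line format, the sample lines and the function names are constructed assumptions, not the output or API of any particular firewall.

```python
import ipaddress

# Assumption: the interface network from the thread's example.
LAN = ipaddress.ip_network("192.168.3.0/28")
NETBIOS_UDP = {137, 138}  # NetBIOS name service and datagram service

# Constructed sample lines in a hypothetical
# "action proto src:sport dst:dport" format.
SAMPLE_LOG = """\
block udp 192.168.3.4:137 192.168.3.15:137
block udp 192.168.3.4:138 192.168.3.15:138
block udp 192.168.3.9:68 255.255.255.255:67
block tcp 192.168.3.4:49152 10.0.0.5:445
block udp 192.168.3.4:137 192.168.3.14:137
"""

def parse(line):
    """Split one constructed log line into typed fields."""
    action, proto, src, dst = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return (action, proto, ipaddress.ip_address(sip), int(sport),
            ipaddress.ip_address(dip), int(dport))

def classify(line, net=LAN):
    """Label a blocked packet by whether it was a broadcast on `net`."""
    _, proto, sip, _, dip, dport = parse(line)
    limited = dip == ipaddress.ip_address("255.255.255.255")
    directed = dip == net.broadcast_address  # depends on the prefix length
    if (limited or directed) and sip in net:
        if proto == "udp" and dport in NETBIOS_UDP:
            return "local-broadcast-netbios"
        return "local-broadcast-other"
    return "unicast-or-foreign"

def triage(log_text, net=LAN):
    """Count log lines per label so broadcast noise can be set aside."""
    counts = {}
    for line in log_text.splitlines():
        if line.strip():
            label = classify(line, net)
            counts[label] = counts.get(label, 0) + 1
    return counts

if __name__ == "__main__":
    for label, n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{n:3d}  {label}")
```

Whether 192.168.3.15 counts as a broadcast depends on the prefix: with a /28 it is the subnet broadcast address, while the same destination on a /24 is an ordinary host address.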
 