Firewall/NAT

Hello all,

First post here and it's a question around the firewall.

I see quite alot of traffic (as below)

12:30:43.135599 WAN 192.168.1.20, port 137 192.168.1.255, port 137 UDP
12:30:42.385635 WAN 192.168.1.20, port 137 192.168.1.255, port 137 UDP
12:28:12.678315 WAN 192.168.1.254 all-systems.mcast.net IGMP

Is it normal for this to be blocked? I guess it's multicast or something. It doesn't seem to have a negative impact on my LAN, however it does fill the logs with entries making it harder to read meaningful entries.

Is there a rule I could add to allow this (if safe) or a way to stop it from logging such traffic?

Thanks.

Broadcasts (destination IP is a broadcast address such as 192.168.1.255) involving UDP port 137 are related to the Netbios Name Service, a component of Windows File Sharing or Samba on *nix.

IGMP multicasting is probably related to UPnP.

Do you have devices configured to use these protocols on your network?

AFAIK, Broadcasts typically do not traverse routers.

Thanks for the reply.

Yeah, there's a NAS drive on the network. Like I say there's no negative impact to the network just the logs are annoying when looking for other things.

UPNP - that's disabled through the router (wan side of m0n0wall)

If the traffic is being dropped and logged by the default rule, you can try adding your own rules that drop the traffic without logging and see if that cleans things up.

If the traffic is being dropped and logged by the default rule, you can try adding your own rules that drop the traffic without logging and see if that cleans things up.

How to make the rules that drop the broadcast traffic without logging? Thanks a lot!