I followed a link on the wiki to set up a secure rb.
Love this product, gives me better visibility.
My question is I now see this dumbass that’s consuming my data… 61.237.145.81
My logs are full of this line. How can I stop any logging for this specific IP, as I set up a firewall rule to drop:
Please let me know if my rule is OK, and how to stop logging this rule in the firewall logs:
0 ;;; Drop packets from this China IP trying to connect to 5060
chain=bad_people action=drop protocol=udp src-address=61.237.145.81
dst-port=5060
Remove or disable the firewall filter lines that have an action of “log”.
I personally don’t think you should run a rule set you don’t understand. That’s only going to lead to problems.
Your rule to drop would work, but the rule set you have very likely already drops that traffic after logging it, so it isn’t necessary to drop it specifically.
Filters are processed in order. Unless passthrough is set to yes (it defaults to no) the first rule that matches a packet terminates rule processing, that action is applied, and no further rules are evaluated. Some actions, like log, are different and do pass through to the next rule.
Therefore, to stop that IP from logging, drop that IP specifically in a rule, and move that rule higher up than the rule that logs.
The firewall filter wiki page has all the details.
Edit: you are NOT logging filtered packets. You are logging all packets that make it to that rule, and then in the next step drop all packets. This may seem like nitpicking but it’s a very important detail. If you were to disable the drop rule that comes after the log rule, you would still be getting log messages, but you would no longer be filtering. The two actions are entirely unrelated to one another.
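Added example (not part of the thread, and not RouterOS code): a small Python model of the rule ordering described in the reply above, showing that a drop placed above the log rule silences the log, and that logging and dropping are independent. The names `Rule`, `process` and `scenarios` are hypothetical, the packets are constructed, and the model assumes a packet that matches no terminating rule is accepted.

```python
# Toy model of first-match filter processing (added example, not RouterOS code).
from dataclasses import dataclass, field

@dataclass
class Rule:
    action: str                                  # "log", "drop" or "accept"
    match: dict = field(default_factory=dict)    # empty dict matches every packet
    disabled: bool = False

def process(rules, packet, default="accept"):
    """Return (verdict, times_logged) for one packet walked through the chain."""
    logged = 0
    for rule in rules:
        if rule.disabled:
            continue
        if any(packet.get(k) != v for k, v in rule.match.items()):
            continue                 # rule does not match this packet
        if rule.action == "log":     # log records the packet and passes through
            logged += 1
            continue
        return rule.action, logged   # terminating action: stop evaluating
    return default, logged           # assumption: unmatched packets are accepted

# Constructed packet, using the address and port from the question.
PACKET = {"src": "61.237.145.81", "proto": "udp", "dport": 5060}
SPECIFIC_DROP = Rule("drop", dict(PACKET))

def scenarios():
    log_all, drop_all = Rule("log"), Rule("drop")
    return {
        # specific drop placed below the log rule: packet still hits the log
        "drop_below_log": process([log_all, SPECIFIC_DROP, drop_all], PACKET),
        # specific drop moved above the log rule: dropped without a log entry
        "drop_above_log": process([SPECIFIC_DROP, log_all, drop_all], PACKET),
        # catch-all drop disabled: still logged, but no longer filtered
        "drop_all_disabled": process([log_all, Rule("drop", disabled=True)], PACKET),
        # a different (constructed) source still reaches the log rule
        "other_host": process([SPECIFIC_DROP, log_all, drop_all],
                              {"src": "192.0.2.10", "proto": "udp", "dport": 5060}),
    }

if __name__ == "__main__":
    for name, (verdict, logged) in scenarios().items():
        print(f"{name:18} verdict={verdict:6} logged={logged}")
```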