Firewall blocks valid traffic and fill up logs.

artem · April 26, 2012, 8:10pm

Hi.

I set up gobal rules to accept all tcp & udp traffic on 30001 and 50001 ports. One for DC, another for torrent (they are trusted in applications rules). And this work fine until i close the DC or torrent. After that Firewall fill up my logs with this:
012-04-26 00:00:06 Windows Operating System Заблокировано Входящие UDP 158.193.85.225 6250 172.16.1.101 30001
2012-04-26 00:00:17 Windows Operating System Заблокировано Входящие UDP 78.154.13.155 6250 172.16.1.101 30001
2012-04-26 00:00:41 Windows Operating System Заблокировано Входящие UDP 2.94.89.177 6250 172.16.1.101 30001
2012-04-26 00:01:13 Windows Operating System Заблокировано Входящие UDP 46.50.217.163 1182 172.16.1.101 30001
2012-04-26 00:01:18 Windows Operating System Заблокировано Входящие UDP 188.134.70.184 65517 172.16.1.101 30001
2012-04-26 00:02:11 Windows Operating System Заблокировано Входящие UDP 146.232.84.44 6250 172.16.1.101 30001
2012-04-26 00:02:14 Windows Operating System Заблокировано Входящие UDP 94.177.86.33 6250 172.16.1.101 30001
2012-04-26 00:02:23 Windows Operating System Заблокировано Входящие UDP 149.156.124.6 6250 172.16.1.101 30001
2012-04-26 00:02:35 Windows Operating System Заблокировано Входящие UDP 78.154.13.155 6250 172.16.1.101 30001
2012-04-26 00:02:57 Windows Operating System Заблокировано Входящие UDP 178.49.61.80 1112 172.16.1.101 30001
2012-04-26 00:03:04 Windows Operating System Заблокировано Входящие UDP 87.228.115.184 6250 172.16.1.101 30001
2012-04-26 00:03:16 Windows Operating System Заблокировано Входящие UDP 46.50.217.163 1182 172.16.1.101 30001
2012-04-26 00:03:19 Windows Operating System Заблокировано Входящие UDP 188.134.119.192 6245 172.16.1.101 30001
2012-04-26 00:03:46 Windows Operating System Заблокировано Входящие UDP 87.228.115.184 6250 172.16.1.101 30001
2012-04-26 00:04:18 Windows Operating System Заблокировано Входящие UDP 94.177.86.33

Why it is do so? This is valid traffic (DHT), it is allowed in global rules. In 30 mins I get 1800 line in logs. What I can do with that?

Sorry for my bad English.

Radaghast · April 27, 2012, 5:29am

What you’re seeing is the natural behaviour of p2p clients such as those described. When you disconnect from a swarm, the other members have no way of knowing you’re no longer there and will continue to ask for parts of the file you’ve been sharing. As your p2p client is no longer listening, the connections are discarded, this is a job handled by the Windows Operating System process.

If you wish to prevent your logs from filling up with these entries, create a couple of rules for Windows Operating System to hide the entries. Take a look at this for an idea.

artem · April 27, 2012, 6:58am

Thanks!

I just don’t think to look for Windows Operating System in runing process.