I have noticed that I have a lot of access denied messages in my firewall logs. I’m just wondering if there is anything that I should be concerned about?
My first impression on seeing your log is that somebody is doing a slow port scan. Since it is blocked, it isn’t a hazard to you. But it looks like a slow deliberate port scan. Not something I’d call friendly.
Is there anything that I can do about it?
Nope. Your CFP settings are keeping them out. It can be amusing, for a little while, to watch the logs and realize that whoever it is, is spending a lot of time to no effect. But that can take up a lot of log space. If you want to keep the traffic from being logged, you’ll need to create a blocking rule without logging. Something like this:
block IP In from singleIP[that.ip.addr] to any where protocol is any
and position that new rule just ahead of the CFP block&log rule at the end of the ruleset where everything is being logged.
Cool. No harm in asking.