SFW2-INext-DROP-DEFLT in journalctl

I’m trying to eliminate journal entries like:

SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=x SRC=x DST=x LEN=44 TOS=0x00 PREC=0x00 TTL=128 ID=666

Where the SRC is one of two computers (running Windows) hooked up to the router, and DST is my IP.
Interestingly the one running macOS doesn’t seem involved.

I found https://forums.opensuse.org/showthread.php/399158-SFW2-INext-DROP-DEFLT-in-dmesg

I tried
systemctl disable avahi-daemon.service
systemctl disable avahi-daemon.socket

And removed
mdns_minimal [NOTFOUND=return]
from /etc/nsswitch.conf

But I’m still getting those log entries after a reboot.

Do I need to just add
mdns off
at the bottom of nsswitch.conf or host.conf?

How can I eliminate this?

It isn’t a configuration on your host that attracts these packets. The firewall is doing what it is supposed to do and drop unsolicited traffic. You’ve obscured the source address and destination port details, so we can only guess as to whether it is related to SNMP, Bonjour, or some other protocol. A wireshark packet capture could also be used to tell you more.

Thanks; that makes sense.

So I guess I need to either figure out how to accept the traffic
or prevent it from happening.

My first thought is that those two Windows PCs are setup to print from a common machine.
Could this be part of them constantly probing for that printer?
I don’t know much about networking. >_<

I turned off “network discovery” on one of the other computers but kept receiving traffic from that IP.

Well, I suggest posting the log entries unadulterated, so that we can at least see the destination port associated and advise further. Otherwise we can only speculate.

DST=
is my inet addr as returned by ifconfig eth0

Could it be because I didn’t open the “ssh port” on install?

I doubt that very much. You still haven’t shared the destination port (DPT=…) info.

Is the logging really brothering you? Perhaps just adjust the firewall logging…
https://forums.opensuse.org/showthread.php/528387-Firewall-log?p=2846774#post2846774

I replied in the other thread by mistake. :shame:

Anyhow… I really appreciate the help!

https://forums.opensuse.org/showthread.php/528387-Firewall-log?p=2854043#post2854043

TSU

Thanks.

I noticed that the entry extends off the screen,
and it does note that it’s UDP.