QuFirewall - Qnap's own packets denied?

Don't miss a thing. Post your questions and discussion about other uncategorized NAS features here.
Post Reply
randmental
New here
Posts: 7
Joined: Fri Sep 30, 2011 6:21 pm

QuFirewall - Qnap's own packets denied?

Post by randmental »

I am constantly getting this warning from 127.0.0.1

Warning admin 127.0.0.1 QuFirewall Firewall Events [QuFirewall] The number of packets denied access has reached the limit of 30. Time interval: 2021-02-19 06:17:01 ~ 2021-02-19 06:52:01

Why would QNAP block its own packets? I have not setup the QuFireweall and it is as per its standard default settings.

regards
neilflix
New here
Posts: 2
Joined: Sun Mar 07, 2021 5:01 am

Re: QuFirewall - Qnap's own packets denied?

Post by neilflix »

You have any luck sorting this out? I've been getting these nonstop since I turned on the firewall.
randmental
New here
Posts: 7
Joined: Fri Sep 30, 2011 6:21 pm

Re: QuFirewall - Qnap's own packets denied?

Post by randmental »

Same here - added a rule to allow all from 127.0.0.1 /24 but still it complains
cecoates
Starting out
Posts: 14
Joined: Tue May 10, 2016 6:12 am

Re: QuFirewall - Qnap's own packets denied?

Post by cecoates »

In case anyone else has these issues, despite it being immensely counter-intuitive, QNAP isn't telling you the IP address that was blocked. It's telling you the IP address of the process reporting the event, which is QuFirewall, which means the IP is local.

Which is immensely frustrating, IMO.

"The source IP is 127.0.0.1, but this does not mean that QuFirewall is blocking packets from the system (127.0.0.1). In this case the source IP does not correspond to the IP that has blocked the packet, the Source IP 127.0.0.1 corresponds to the Notification Center origin IP, which is the NAS. That means the system is generating the message, so it is correct to see displayed IP 127.0.0.1."

https://www.qnap.com/en/how-to/faq/arti ... -localhost

https://www.qnap.com/en/how-to/faq/arti ... qufirewall

To find out what addresses are actually triggering the constant alerts, according to the help docs you need to open QuFirewall:

"Can I see which IP address was blocked?
The blocked IP address can be found under QuFirewall > Firewall Profile > Basic Protection > IP access Protection and click [...]"

What a baffling number of clicks to just check basic information. Clicking on the event alert should just take you here, but it doesn't. Also, the docs must be out of date because QuFirewall doesn't have the above menu options anymore. At least not as described in that step.

So apparently, instead you need to enable "Capture Events".

"How to check which IP address is currently blocked by QuFirewall?
QuFirewall could record all blocked packets. If user wants to know the detail content of the blocked packets by QuFirewall, go to QuFirewall > Capture Events > Start Packet Capture, after the duration time then save the captured file for analysis."

Before QuFirewall and the QuLog Center, all this info was easily viewed in "Security" under the "Allow/Deny List". This is a huge step back in usefulness and usability.

Does anyone know if removing QuFirewall will return things to how they were before? Or will it just prompt you to reinstall it?
Post Reply

Return to “Miscellaneous”