Bug #3865

closed

With explicit block-everything rule in firewall it incorrectly blocks LAN to LAN DHCP broadcast 0.0.0.0 and 255.255.255.255

Added by badon _ over 9 years ago. Updated over 9 years ago.

Status: Rejected
Priority: Very Low
Assignee: -
Category: Logging
Target version: -
Start date: 09/15/2014
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

With no rules, the pfSense firewall blocks everything by default (default config includes pass-everything rules). Those default blocks are not logged, so to put blocks in the log for further study, it is necessary to add a block-everything rule with the option selected to "Log packets that are handled by this rule". Correct me if I'm wrong, but I believe that normally the firewall only blocks LAN to WAN communication, and LAN to LAN is ignored. If that is correct, then it is probably a valid bug for the firewall to block LAN to LAN DHCP broadcast 0.0.0.0 and 255.255.255.255. That bug has caused a log noise problem, described here:

https://forum.pfsense.org/index.php?topic=81090.0

I'm not 100% convinced that is a valid bug, if (#1) there are a plethora of other possible "special" IPs that depend on network configuration, and are not the responsibility of pfSense to handle as special cases. Another example of such an IP is NetBIOS, which is used by Microsoft Windows OSes and broadcast to 192.168.1.255. I decided to report this as a bug despite that because (#2) DHCP and the 2 DHCP broadcast IPs are a universal standard that nearly all networks use, which makes it much more important than any other "special" IP, and thus a candidate for handling with a default configuration in pfSense.

So, to save the devs some mental energy, there are 2 easy options to close this bug immediately (described above too):

1. It is resolved as INVALID because pfSense isn't responsible for handling special IPs.
2. It is resolved as WONTFIX because DHCP is important as a standard, but not important enough for a default configuration intended solely to address a minor logging noise problem.

On the other hand, if it is decided that this is a valid bug and DHCP is important enough for default configuration in pfSense, then:

3. Add default configuration features (like a checkbox and/or firewall rule) to pfSense that cause standard DHCP IPs to be ignored by the firewall. This might also require features to allow unusual configurations, if they are not in pfSense already.

I set the priority of this as "Very low" because it causes no major difficulties, and it is easy to work around, as described here:

https://forum.pfsense.org/index.php?topic=81090.msg446829#msg446829

I put this report in the "Logging" category because noise in firewall logs is the only problem caused by this issue, and it could be suppressed there. However, it's possible the issue should be fixed in a different component of pfSense, like in the "Rules/NAT" category if:

1. The workaround ends up being used as the fix like the "Default allow LAN to any rule".
2. A default rules checkbox similar to the checkboxes for "Block private networks" and "Block bogon networks" in "Interfaces: WAN" (also appears on the "Firewall: Rules" page).
3. The "Anti-Lockout Rule" added by a checkbox in "System: Advanced: Admin Access".

I skimmed through a quick search for previously reported issues, but I may have overlooked something:

https://redmine.pfsense.org/projects/pfsense/search?issues=1&q=0.0.0.0
https://redmine.pfsense.org/projects/pfsense/search?issues=1&q=255.255.255.255

Sorry for using the Bugzilla resolution status terminology (WONTFIX, etc). I'm not familiar with Redmine, and I don't have permissions to view the form field with possible bug resolution options.

Actions #1

Updated by Chris Buechler over 9 years ago

  • Status changed from New to Rejected

No bug here.
