Thanks sindy.
I added the two filter, but I modified the input filter to drop everything except for the src-ip where I expect it to be coming from.
Seems like only the input chain filter is increasing, pointing to an external connection attempt (around 131 packets dropped).
After getting the dropped connections to the log, I see that it is actually from a few different addresses (logs attached below). While I love to keep the existing firewall rule to drop everything except for the intended src-ip, the src-ip is actually dynamic so it changes. So that strategy wont work.
What would be the best practice in this case? Will not having the firewall rule leave me vulnerable to attacks? Or are there ways to modify the firewall rules so that it only accepts connection from the dynamic IP address?
10:14:59 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 197.26.60.54:500->xxx.x.xxx.xxx:500, len 364
10:56:49 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 216.218.206.114:15465->xxx.x.xxx.xxx:500, len 92
11:06:26 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 197.26.60.54:500->xxx.x.xxx.xxx:500, len 364
12:11:36 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:11:44 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:11:45 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:11:46 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:11:49 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:11:52 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:11:55 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:11:58 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:12:01 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:12:04 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:12:07 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:12:10 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:12:13 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:12:16 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:12:19 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:12:22 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:12:25 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
12:12:28 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:15:25 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:15:33 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:15:34 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:15:35 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:15:38 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:15:41 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:15:44 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:15:47 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:15:50 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:15:53 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:15:56 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:15:59 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:16:02 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:16:05 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:16:08 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:16:11 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:16:14 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:16:17 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
13:44:38 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 61.81.64.17:500->xxx.x.xxx.xxx:500, len 364
14:06:17 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:06:25 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:06:26 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:06:27 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:06:30 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:06:33 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:06:36 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:06:39 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:06:42 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:06:45 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:06:48 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:06:51 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:06:54 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:06:57 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:07:00 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:07:03 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:07:06 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:07:09 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:56:13 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:56:21 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:56:22 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:56:23 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:56:26 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:56:29 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:56:32 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:56:35 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:56:38 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:56:41 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:56:44 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:56:47 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:56:50 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:56:53 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:56:56 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:56:59 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:57:02 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
14:57:05 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:46:37 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:46:45 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:46:46 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:46:47 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:46:50 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:46:53 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:46:56 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:46:59 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:47:02 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:47:05 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:47:08 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:47:11 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:47:14 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:47:17 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:47:20 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:47:23 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:47:26 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
15:47:29 firewall,info firewall-drop input: in:ether1-gateway out:(unknown 0), src-mac 00:01:5c:7e:7a:46, proto UDP, 187.57.139.30:500->xxx.x.xxx.xxx:500, len 408
