Bug #2249
Status: Closed
Outward interface traffic generated by package rules isn't logged when it matches firewall rules that have logging enabled
Description
Reproducing the issue:
DNS forwarder enabled with no options except these custom rules:
no-hosts
address=/yahoo.com/127.0.0.1
Set up a packet capture on the LAN and ping www.yahoo.com from a LAN machine that uses the forwarder; the packet capture (correctly) shows an incoming and an outgoing packet to/from port 53 on the LAN. Create two firewall rules on the LAN as follows, and enable logging on both:
Pass all traffic from LAN subnet:any port to LAN address:53
Pass all traffic from LAN address:53 to LAN subnet:any port
Only the incoming query traffic is logged; the outgoing packets aren't. Even if the 2nd rule is widened to pass and log all traffic on the LAN from/to any LAN IP (i.e. from=network:LAN/nn to=network:LAN/nn), only half of the UDP traffic that the packet capture sees is logged.
Updated by Jim Pingle almost 14 years ago
- Status changed from New to Rejected
This is not a bug. Rules on the interface tabs don't work that way. Interface tabs are inbound-only. Floating rules can match outbound traffic, though in that case it wouldn't show it either because the state table passes the traffic back for the query.
Please open threads in the forum for discussion before opening bug reports.
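As an added illustration (not from the report, and not the ruleset pfSense generates; rule syntax is plain pf.conf with the interface assumed to be named lan), the following shows why the second rule never produces a log line: once the query creates a state, the reply is passed by the state entry before any rule is evaluated. pf's `log (all)` option on the state-creating rule is the way to get both directions of the exchange into the log.

```pf
# What the two LAN-tab rules amount to: both are inbound on lan.
# Rule 1 matches the client's query and creates a state; "log" records only
# the packet that created the state.
pass in quick on lan inet proto udp from lan:network to (lan) port 53 keep state log

# Rule 2 never matches: the forwarder's reply is outbound on lan and is passed
# by the state created above, so rule evaluation is skipped for it.
pass in quick on lan inet proto udp from (lan) port 53 to lan:network keep state log

# A floating rule matching outbound traffic has the same problem: the state
# already passes the reply, so the rule is never consulted and nothing is logged.
pass out quick on lan inet proto udp from (lan) port 53 to lan:network keep state log

# To log every packet of the exchange, log all packets belonging to the state
# instead of only the first one. This replaces rule 1 above.
pass in quick on lan inet proto udp from lan:network to (lan) port 53 keep state log (all)
```

With `log (all)`, both the query and the reply appear in the pflog output, which is what the reporter expected from logging on the rules.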