Correction #9618

Feedback on System Monitoring — Firewall Logs

Added by Louis van Breda 2 months ago. Updated 2 months ago.

Status: New
Priority: Normal
Assignee:
Category: -
Target version: -
Start date: 07/07/2019
Due date:
% Done: 0%
Estimated time:
Affected Documentation: The pfSense Book, pfSense Documentation site (Wiki)

Description

Page: https://docs.netgate.com/pfsense/en/latest/monitoring/firewall-logs.html

Feedback:
- I assume that an arrow in the interface field indicates that it is an outgoing rule (but that is not described).

Traffic can be stopped due to multiple reasons:
  • the defined rule
  • incorrect TCP status (as shown in the log)
but also due to things like:
  • TTL
  • not allowed IP options
  • and perhaps other things

I have no idea if that kind of blocking is shown in the log and how the cause is indicated.

My remarks above refer to visible / user-defined rules. But it seems / my impression is that there are also predefined invisible rules. So I wonder if those rules can be made visible and if it is possible to make the result "block, pass or reject" visible.

Hope this helps to improve documentation and perhaps the gui.

Sincerely,

Louis

History

#1 Updated by Louis van Breda 2 months ago

Sorry for the remark on default rules. I noticed that the logfile settings have options for that.

Log packets matched from the default block rules in the ruleset
Log packets that are blocked by the implicit default block rule. - Per-rule logging options are still respected.

Log packets matched from the default pass rules put in the ruleset
Log packets that are allowed by the implicit default pass rule. - Per-rule logging options are still respected.
