Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Notification when a firewall rule is used

    Scheduled Pinned Locked Moved Firewalling
    5 Posts 4 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      DennisT
      last edited by

      Hi,
      I'd like to be able to get an email notification when a specific block rule is activated.  Is there a way to do this?

      1 Reply Last reply Reply Quote 0
      • KOMK Offline
        KOM
        last edited by

        Not on pfSense directly.  It's possible you could configure your own syslog server and build something based on that.

        1 Reply Last reply Reply Quote 0
        • johnpozJ Online
          johnpoz LAYER 8 Global Moderator
          last edited by

          Wow that is asking for just flood of your mailbox..

          But sure you could send your firewall log to syslog and then setup stream to send you email on hits.  This will also allow for rules so you don't get 1000's emails in 20 minutes when something comes banging on your door.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 25.07 | Lab VMs 2.8, 25.07

          1 Reply Last reply Reply Quote 0
          • D Offline
            DennisT
            last edited by

            Thx for the feedback.  BTW - it isn't for WAN activity, it is for LAN activity.

            1 Reply Last reply Reply Quote 0
            • SammyWooS Offline
              SammyWoo
              last edited by

              @DennisT:

              Thx for the feedback.  BTW - it isn't for WAN activity, it is for LAN activity.

              Just the same.  I would first extract the msg to another file so I can see at the end of the day how much of these hits I get before configuring the email, and ideally a way to "stop it" (emailing) remotely like throwing a graphite rod to the reactor. :)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.