Netgate Discussion Forum

    WAN Logs not displaying

    Off-Topic & Non-Support Discussion
    • B
      blaytrail
      last edited by

      Is there a reason the WAN logs do not show in the Firewall Log Entries? I see the LAN but not the WAN logs. Thanks.

      • GertjanG
        Gertjan
        last edited by Gertjan

        Hi,

        This one :

        36c4dbbc-9fdf-4205-b2c7-c729b4b77780-image.png

        ?

        check that one and the default block all rule will start to log.
        That will be the moment you understand why it is not checked by default.
        Why do you want to know who is knocking on your door ?
        You won't be able to make them stop anyway.

        Another solution :
        Do not check the setting mentioned above, but make your own "block all" rule on the WAN firewall interface - and check 'log' for that rule.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • B
          blaytrail
          last edited by

          Thanks so much for the quick reply. I did create a new rule and blocked all IPv4 traffic on any port, source, and destination from getting in. Should I also select IPv4 +IPv6?

          Also, is there a slack channel for live chat?

          I just installed the firewall on Saturday. It's nice to be able to block all incoming traffic.

          • johnpozJ
            johnpoz LAYER 8 Global Moderator @Gertjan
            last edited by

            @Gertjan said in WAN Logs not displaying:

            That will be the moment you understand why it is not checked by default.

            When did they change that to not be the default?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            • B
              blaytrail
              last edited by

              They had the default to block private networks and block bogon networks. I added a third one to block everything from the WAN. I like this so far. I installed the pfsense firewall on Saturday.

              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by johnpoz

                My point was that there is no reason to create a wan block all rule - by default on any interface there is a default deny rule... And pretty sure out of the box it's logged..

                What Gertjan was saying is out of the box default that default deny is not logged, which I do not remember them changing.. And seems counter intuitive to me... I am clean installing p3 on a vm to see if by default that is on or off.

                edit: Log default deny is default to log, not sure what @Gertjan is thinking

                defaultblocklog.png

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                • GertjanG
                  Gertjan @blaytrail
                  last edited by

                  @blaytrail said in WAN Logs not displaying:

                  I did create a new rule and blocked all IPv4 traffic on any port, source, and destination from getting in

                  Where ?
                  On WAN I presume.
                  That wasn't needed, it's there already. See the doc.

                  @blaytrail said in WAN Logs not displaying:

                  Should I also select IPv4 +IPv6?

                  Where ?
                  On WAN ? Isn't needed - read the doc.

                  @blaytrail said in WAN Logs not displaying:

                  Also, is there a slack channel for live chat?

                  Impossible. You'll be losing all the people that actually know how things work.
                  The buzz-makers were never good at explaining.
                  These channels are just word stream. It's more important that people start to think about what they write - and start to read what is written. The old-fashioned way.

                  Btw : pfSense has also a manual ....

                  @blaytrail said in WAN Logs not displaying:

                  It's nice to be able to block all incoming traffic.

                  Like : "Just bought myself a plane. Would be nice if it can fly".
                  Well, as usual : don't forget the pilot ^^

                  @blaytrail said in WAN Logs not displaying:

                  It's nice to be able to block all incoming traffic.

                  A firewall always blocks incoming (that is : from WAN) connections by default. They all do. At least, in our solar system.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  • B
                    blaytrail
                    last edited by

                    Thanks for the reply. I'm going to read through the document. Also, is there a way to turn off the web GUI? I wanted to make the device only accessible through the console?

                    • GertjanG
                      Gertjan @johnpoz
                      last edited by

                      @johnpoz said in WAN Logs not displaying:

                      not sure what @Gertjan is thinking

                      Me neither.
                      Ok, I'll rephrase that one : Somewhat unconsciously, I removed that check if it was present.
                      I had the pleasure for many years to have the real WAN IP on my pfSense, which is like making visible and available the rope of the church bell for every nut that passes along. Which means my circular firewall log was not rotating, it was more like whirling.
                      If I want logs, I'll ask for them.

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator @blaytrail
                        last edited by

                        @blaytrail said in WAN Logs not displaying:

                        I wanted to make the device only accessible through the console?

                        You would lose a lot of functionality if you did, pfsense is meant to be managed via the gui.. Not everything can be done via cli..

                        Lock down the gui access to only the IPs you want to manage the firewall from..

                        @Gertjan said in WAN Logs not displaying:

                        If I want logs, I'll ask for them.

                        I concur, that there is a lot of noise that you might not always want to see. I also have default deny log disabled, and I create block rules to log what I want. For example on wan all I want to see is SYN blocks, I could care less to see broadcast noise from the isp network, or junk UDP traffic, etc.

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.7.2, 24.11
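
The selective logging described in the post above (only blocked SYNs on WAN, no broadcast or UDP noise) can also be reproduced after the fact when default-deny logging is left on. This is an added example, not code from the thread or from pfSense: it assumes the raw filterlog CSV layout documented by Netgate, a hypothetical WAN interface name `igb0`, and constructed sample lines using documentation address ranges.

```python
import re
from collections import Counter

FILTERLOG_RE = re.compile(r"filterlog(?:\[\d+\])?: (.*)$")

# Constructed sample lines (not from the thread). Assumption: igb0 = WAN, igb1 = LAN.
SAMPLE_LOG = """\
Jan 10 09:00:01 fw filterlog[4242]: 4,,,1000000103,igb0,match,block,in,4,0x0,,54,1234,0,DF,6,tcp,60,203.0.113.7,198.51.100.2,51514,22,0,S,305419896,,64240,,mss
Jan 10 09:00:02 fw filterlog[4242]: 4,,,1000000103,igb0,match,block,in,4,0x0,,54,1235,0,DF,6,tcp,60,203.0.113.7,198.51.100.2,51515,22,0,S,305419897,,64240,,mss
Jan 10 09:00:03 fw filterlog[4242]: 4,,,1000000103,igb0,match,block,in,4,0x0,,54,1236,0,DF,6,tcp,60,203.0.113.7,198.51.100.2,51516,3389,0,S,305419898,,64240,,mss
Jan 10 09:00:04 fw filterlog[4242]: 4,,,1000000103,igb0,match,block,in,4,0x0,,128,0,0,none,17,udp,328,198.51.100.1,255.255.255.255,67,68,308
Jan 10 09:00:05 fw filterlog[4242]: 4,,,1000000103,igb0,match,block,in,4,0x0,,54,1237,0,DF,6,tcp,40,203.0.113.9,198.51.100.2,443,50000,0,A,,77,1024,,
Jan 10 09:00:06 fw filterlog[4242]: 4,,,1000000105,igb0,match,block,in,6,0x00,0x00000,56,tcp,6,40,2001:db8::7,2001:db8:1::2,40000,443,0,S,1,,65535,,mss
Jan 10 09:00:07 fw filterlog[4242]: 9,,,1700000001,igb1,match,block,in,4,0x0,,64,1238,0,DF,6,tcp,60,192.168.1.50,192.0.2.25,40001,25,0,S,2,,64240,,mss
Jan 10 09:00:08 fw filterlog[4242]: 7,,,1700000002,igb0,match,pass,in,4,0x0,,54,1239,0,DF,6,tcp,60,203.0.113.8,198.51.100.2,40002,443,0,S,3,,64240,,mss
"""

def parse_filterlog(line):
    """Return a dict for one raw filterlog line, or None if it does not parse."""
    m = FILTERLOG_RE.search(line)
    if not m:
        return None
    f = m.group(1).split(",")
    try:
        # IPv4 and IPv6 differ in where the protocol and length fields sit.
        if f[8] == "4":
            proto, base = f[16], 17
        elif f[8] == "6":
            proto, base = f[12], 14
        else:
            return None
        rec = {"iface": f[4], "action": f[6], "dir": f[7], "proto": proto,
               "src": f[base + 1], "dst": f[base + 2], "dport": None, "tcpflags": ""}
        if proto in ("tcp", "udp"):
            rec["dport"] = int(f[base + 4])
        if proto == "tcp":
            rec["tcpflags"] = f[base + 6]
        return rec
    except (IndexError, ValueError):
        return None

def wan_syn_blocks(log_text, wan_if="igb0"):
    """Count inbound blocked connection attempts (SYN set, ACK clear) per (src, dport)."""
    hits = Counter()
    for line in log_text.splitlines():
        r = parse_filterlog(line)
        if (r and r["iface"] == wan_if and r["action"] == "block" and r["dir"] == "in"
                and "S" in r["tcpflags"] and "A" not in r["tcpflags"]):
            hits[(r["src"], r["dport"])] += 1
    return hits
```

Calling `wan_syn_blocks(SAMPLE_LOG)` keeps the four blocked inbound SYNs on `igb0` and drops the DHCP broadcast, the out-of-state ACK, the LAN-side block and the passed connection.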

                        • GertjanG
                          Gertjan @blaytrail
                          last edited by

                          @blaytrail said in WAN Logs not displaying:

                          Also, is there a way to turn off the web GUI?

                          So, I must be a troll today and you feed me ?! ;)

                          No, you can't stop the GUI, but I promise you : when you do not visit the GUI - aka : login, it does pretty much nothing.
                          So : keep the password for yourself, make the GUI only accessible to the LAN - hook up all other devices to a second LAN interface (so called OPT1) and on that interface you block all access to the GUI. You'll be fine.

                          If you want a firewall without GUI, check out ..... Cisco. ?!

                          No "help me" PM's please. Use the forum, the community will thank you.
                          Edit : and where are the logs ??

                          • B
                            blaytrail
                            last edited by

                            Thanks. I like the idea of making the GUI only accessible on the LAN. I will be back in 30 minutes. I'm going to change the config. More to come :)

                            • B
                              blaytrail
                              last edited by

                              You guys rule!!

                              I set up a rule to only allow one pc to manage the firewall through the GUI. It works perfectly. I used the instructions here https://docs.netgate.com/pfsense/en/latest/firewall/restrict-access-to-management-interface.html. This is fun. :)

                              Thanks again.

                              • GertjanG
                                Gertjan @blaytrail
                                last edited by

                                @blaytrail said in WAN Logs not displaying:

                                This is fun. :)

                                And there is more to come !

                                No "help me" PM's please. Use the forum, the community will thank you.
                                Edit : and where are the logs ??

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.