Reading firewall rule matches



  • Hi folks,

    New to pfSense, so please bear with me if I am asking an old recurring question here that has already been answered. I searched the forum and the docs but haven't found a clear and concise answer yet.

    I see some traffic from my LAN interface being blocked. Typically the message line would begin like this:

    5,16777216,,1000000103,fxp0,match,block ...
    

    So I googled and poked around, and found out that the command pfctl -vvsr would give a somewhat detailed description of the rule that matched the "block" action in the FW:

    [2.3-RELEASE][root@pfSense.ZoneA]/var/log: pfctl -vvsr | grep "@5"
    @5(1000000103) block drop in log inet all label "Default deny rule IPv4"
    

    So I know that my rule #5 with tracker number 1000000103 means "block drop in log inet all label "Default deny rule IPv4"", but I am not sure what that means.
    What are my local machines doing on my LAN so that pfSense sees that activity as potentially hostile?
    Not that it is blocking me from doing anything, but I am just curious.

    Also, I couldn't find out what the sub-rule 16777216 is. Is there a way to find more information about that sub-rule from the web interface, or any shell command?

    Thanks


  • LAYER 8 Global Moderator

    Show your log in a screenshot showing the items you have questions on. More than likely it's just out-of-state traffic being blocked.


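Added example, not part of the thread and not pfSense's own code: a small Python decoder for filterlog lines laid out the way the poster's line is (rule number, sub-rule number, anchor, tracker, interface, reason, action, direction, IP version, then the per-IP-version and per-protocol fields as documented for pfSense's filterlog), followed by the check behind the moderator's answer. The three log lines are constructed for the example, not real captures; the "out-of-state" classification (a blocked TCP packet whose flags carry no SYN, i.e. a mid-stream packet for which pf no longer holds a state) is a heuristic assumed here, not something the thread confirms; and the generated pfctl command anchors the grep at "^@5(" so it does not also match rules @50 through @59, which the bare "@5" in the thread would.

```python
"""Decode pfSense filterlog lines and classify default-deny hits.

Example code added to this thread; not pfSense's own. Field layout follows the
pfSense filterlog documentation. Sample lines below are constructed.
"""
import csv
from typing import Dict, List

# Common leading fields of every filterlog line.
HEADER = ["rulenum", "subrulenum", "anchor", "tracker", "interface",
          "reason", "action", "direction", "ipversion"]
# IPv4 and IPv6 carry different header fields before length/src/dst.
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "ipflags", "protoid", "proto",
        "length", "src", "dst"]
IPV6 = ["class", "flowlabel", "hoplimit", "proto", "protoid",
        "length", "src", "dst"]
# Protocol-specific trailers.
TCP = ["srcport", "dstport", "datalen", "tcpflags", "seq", "ack", "window",
       "urg", "options"]
UDP = ["srcport", "dstport", "datalen"]

# Constructed sample lines (addresses, ports, sequence numbers are made up):
#   1. a FIN/ACK from a LAN host with no matching state  -> out-of-state
#   2. a fresh SYN that no pass rule allowed             -> policy-denied
#   3. a UDP NetBIOS broadcast                           -> policy-denied
SAMPLE_LOG = """\
5,16777216,,1000000103,fxp0,match,block,in,4,0x0,,64,12345,0,DF,6,tcp,52,192.168.1.20,203.0.113.10,50512,443,0,FA,1693245311,2051189422,501,,
5,16777216,,1000000103,fxp0,match,block,in,4,0x0,,128,4321,0,none,6,tcp,48,192.168.1.77,198.51.100.5,61000,80,0,S,3220041100,,8192,,mss;nop;wscale;nop;nop;sackOK
5,16777216,,1000000103,fxp0,match,block,in,4,0x0,,64,999,0,none,17,udp,78,192.168.1.50,192.168.1.255,137,137,58
"""


def parse_filterlog(line: str) -> Dict[str, str]:
    """Split one filterlog line into named fields."""
    fields = next(csv.reader([line.strip()]))
    entry = dict(zip(HEADER, fields[:len(HEADER)]))
    rest = fields[len(HEADER):]
    if entry.get("ipversion") == "4":
        layout = IPV4
    elif entry.get("ipversion") == "6":
        layout = IPV6
    else:
        raise ValueError(f"unknown IP version {entry.get('ipversion')!r}")
    entry.update(zip(layout, rest[:len(layout)]))
    rest = rest[len(layout):]
    proto = entry.get("proto", "").lower()
    if proto == "tcp":
        entry.update(zip(TCP, rest[:len(TCP)]))
    elif proto == "udp":
        entry.update(zip(UDP, rest[:len(UDP)]))
    else:
        # icmp, carp, etc. have their own trailers; keep them raw
        entry["extra"] = ",".join(rest)
    return entry


def classify(entry: Dict[str, str]) -> str:
    """Heuristic (assumed here, not from the thread): a blocked TCP packet
    without SYN is a mid-stream packet pf has no state for, which is the
    usual cause of default-deny hits on an otherwise permissive LAN. Anything
    else is a new flow that no pass rule on the interface matched."""
    if entry.get("action") != "block":
        return "not-a-block"
    flags = entry.get("tcpflags", "")
    if entry.get("proto", "").lower() == "tcp" and flags and "S" not in flags:
        return "out-of-state"
    return "policy-denied"


def pfctl_lookup(entry: Dict[str, str]) -> str:
    """Shell command to show the pf rule behind this log line. The pattern is
    anchored at the start of the line and includes '(' so that rule @5 does
    not also match @50..@59."""
    return f'pfctl -vvsr | grep "^@{entry["rulenum"]}("'


def summarize(log_text: str) -> List[Dict[str, str]]:
    """Parse every line and attach a classification under 'verdict'."""
    out = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_filterlog(line)
        entry["verdict"] = classify(entry)
        out.append(entry)
    return out


if __name__ == "__main__":
    for e in summarize(SAMPLE_LOG):
        print(f"rule @{e['rulenum']} tracker {e['tracker']} {e['proto']} "
              f"{e['src']}:{e.get('srcport', '-')} -> {e['dst']}:{e.get('dstport', '-')} "
              f"flags={e.get('tcpflags', '-')} => {e['verdict']}   ({pfctl_lookup(e)})")
```

Run it against the real log with `clog /var/log/filter.log` piped through a small wrapper that strips the syslog prefix up to and including "filterlog: "; only the comma-separated part after that prefix is what parse_filterlog expects.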