4. Reading firewall rules match

Reading firewall rules match

  • B

    Hi folks,

    New to PFsense so please bare with me if I am asking an old recurrent question here that has already been answered. I searched the forum and the docs but haven't found a clear and concise answer yet.

    I see some traffic from my lan interface being blocked. Typically the message line would begin like this :

    5,16777216,,1000000103,fxp0,match,block ...

    So I googled and poked around, and found out that the command pftcl -vvsr would give a somewhat detailed description of the rule that matched the "block" action in the FW:

    [2.3-RELEASE][root@pfSense.ZoneA]/var/log: pfctl -vvsr | grep "@5"
@5(1000000103) block drop in log inet all label "Default deny rule IPv4"

    So I know that my rule #5 with tracker number 1000000103 means "block drop in log inet all label "Default deny rule IPv4", but I am not sure what that means?
    What are my local machines doing on my LAN so pfsense see that activity as potentially hostile?
    Not that it is blocking me from doing anything, but I am just curious.

    Also, I couldn't find out what the sub rule 16777216 is? Is there a way to find more information about that sub rule from the web interface, or any shell command?

    Thanks

    0
  • LAYER 8 Global Moderator

    sho your log in a screen shot showing the items you have questions on.  More than likely its just out of state traffic being blocked.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy