• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Relating Error Message back to the GUI

Scheduled Pinned Locked Moved Firewalling
12 Posts 5 Posters 1.6k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G
    guardian Rebel Alliance
    last edited by Jan 14, 2017, 8:50 AM

    Can someone please tell me… if I see something like this in the firewall logs

    Jan 14 02:53:13 LAN Default Block (1483693418) 192.168.1.10:33732 127.0.0.1:8443 TCP:S

    What does the number (1483693418)  mean?

    Can I used the shell to look in some file that will give me a hint as to what is causing the item to be blocked?

    Any suggestions would me much appreciated.

    If you find my post useful, please give it a thumbs up!
    pfSense 2.7.2-RELEASE

    1 Reply Last reply Reply Quote 0
    • K
      KOM
      last edited by Jan 16, 2017, 3:45 PM

      The hint is that it's the default block on LAN.  Normally LAN has no rules other than an Allow Any for All which gives full access from LAN.  Have you modified the default LAN rules?

      1 Reply Last reply Reply Quote 0
      • G
        guardian Rebel Alliance
        last edited by Jan 17, 2017, 12:19 AM

        Thanks…. that makes sense... got it figured out.

        What does the number (1483693418) refer to? 
        Is it useful for troubleshooting?

        If you find my post useful, please give it a thumbs up!
        pfSense 2.7.2-RELEASE

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by Jan 17, 2017, 8:08 AM

          @guardian:

          What does the number (1483693418) refer to? 
          Is it useful for troubleshooting?

          That's a unique tracker ID. Each rule has one, look at pfctl -vvsr output.

          1 Reply Last reply Reply Quote 0
          • P
            Pippin
            last edited by Jan 17, 2017, 8:47 AM

            I would think that is a Unix time stamp, so yeah it`s unique ;)
            1483693418 = Fri, 06 Jan 2017 09:03:38 GMT

            I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
            Halton Arp

            1 Reply Last reply Reply Quote 0
            • K
              kpa
              last edited by Jan 17, 2017, 9:04 AM

              @Pippin:

              I would think that is a Unix time stamp, so yeah it`s unique ;)
              1483693418 = Fri, 06 Jan 2017 09:03:38 GMT

              This assuming you can't create two rules within one second :P Hopefully the rule creation system is aware of this…

              1 Reply Last reply Reply Quote 0
              • G
                guardian Rebel Alliance
                last edited by Jan 17, 2017, 10:43 PM

                Thanks very much everyone for the replies…. and special thank to doktornotor for look at pfctl -vvsr output.

                That really helps a lot, I can clearly see what is going on.

                I have IPv6 turned off, but this rule:

                @5(1000000003) block drop in log quick inet6 all label "Block all IPv6"
                  [ Evaluations: 58461    Packets: 4893      Bytes: 1025925    States: 0    ]

                is filling my log up with hundreds of lines of:
                Jan 17 17:36:49 WAN Block all IPv6 (1000000003) [fe80::2fc:8dff:fe24:8b32] [ff02::1] ICMPv6

                and it's above all the rules created by the GUI.  Is there any way for me to get rid of these things?

                If you find my post useful, please give it a thumbs up!
                pfSense 2.7.2-RELEASE

                1 Reply Last reply Reply Quote 0
                • K
                  KOM
                  last edited by Jan 18, 2017, 2:15 PM

                  Is there any way for me to get rid of these things?

                  Add or edit your IPv6 block rule and set it to not log.

                  1 Reply Last reply Reply Quote 0
                  • G
                    guardian Rebel Alliance
                    last edited by Jan 18, 2017, 2:31 PM

                    @KOM:

                    Is there any way for me to get rid of these things?

                    Add or edit your IPv6 block rule and set it to not log.

                    Where would I edit this rule?  It is auto generated by the firewall, and @5(1000000003) it is way up the chain above the user generated rules.

                    At least using pfctl -vvsr lets me see what is REALLY going on.  I love the GUI, but sometimes there is nothing better than a good old fashioned terminal - as long as you know what to do with it (which can be a huge challenge).

                    If you find my post useful, please give it a thumbs up!
                    pfSense 2.7.2-RELEASE

                    1 Reply Last reply Reply Quote 0
                    • D
                      doktornotor Banned
                      last edited by Jan 18, 2017, 2:37 PM

                      Add your OWN rule there to block any IPv6 WITHOUT logging. ZOMG.

                      1 Reply Last reply Reply Quote 0
                      • G
                        guardian Rebel Alliance
                        last edited by Jan 18, 2017, 2:45 PM

                        This question morphed, so as not to have two threads on the same topic…. I've answered here.

                        https://forum.pfsense.org/index.php?topic=124074.msg685263#msg685263

                        The key message of this thread for anyone is:

                        Use the shell and look at pfctl -vvsr output.

                        If you find my post useful, please give it a thumbs up!
                        pfSense 2.7.2-RELEASE

                        1 Reply Last reply Reply Quote 0
                        • D
                          doktornotor Banned
                          last edited by Jan 18, 2017, 7:53 PM

                          Yeah, the key answer to this thread is - add your own rule to block IPv6 as already told zillion times. Done. Move on. Nothing else. 1 minute. Done.

                          1 Reply Last reply Reply Quote 0
                          12 out of 12
                          • First post
                            12/12
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                            This community forum collects and processes your personal information.
                            consent.not_received