Relating Error Message back to the GUI
-
Can someone please tell me… if I see something like this in the firewall logs
Jan 14 02:53:13 LAN Default Block (1483693418) 192.168.1.10:33732 127.0.0.1:8443 TCP:S
What does the number (1483693418) mean?
Can I use the shell to look in some file that will give me a hint as to what is causing the item to be blocked?
Any suggestions would be much appreciated.
-
The hint is that it's the default block on LAN. Normally LAN has no rules other than an Allow Any for All which gives full access from LAN. Have you modified the default LAN rules?
-
Thanks…. that makes sense... got it figured out.
What does the number (1483693418) refer to?
Is it useful for troubleshooting?
-
What does the number (1483693418) refer to?
Is it useful for troubleshooting?
That's a unique tracker ID. Each rule has one, look at pfctl -vvsr output.
-
I would think that is a Unix time stamp, so yeah it's unique ;)
1483693418 = Fri, 06 Jan 2017 09:03:38 GMT
-
I would think that is a Unix time stamp, so yeah it's unique ;)
1483693418 = Fri, 06 Jan 2017 09:03:38 GMT
This assuming you can't create two rules within one second :P Hopefully the rule creation system is aware of this…
-
Thanks very much everyone for the replies…. and special thanks to doktornotor for "look at pfctl -vvsr output".
That really helps a lot, I can clearly see what is going on.
I have IPv6 turned off, but this rule:
@5(1000000003) block drop in log quick inet6 all label "Block all IPv6"
[ Evaluations: 58461 Packets: 4893 Bytes: 1025925 States: 0 ]
is filling my log up with hundreds of lines of:
Jan 17 17:36:49 WAN Block all IPv6 (1000000003) [fe80::2fc:8dff:fe24:8b32] [ff02::1] ICMPv6
and it's above all the rules created by the GUI. Is there any way for me to get rid of these things?
-
Is there any way for me to get rid of these things?
Add or edit your IPv6 block rule and set it to not log.
-
@KOM:
Is there any way for me to get rid of these things?
Add or edit your IPv6 block rule and set it to not log.
Where would I edit this rule? It is auto generated by the firewall, and @5(1000000003) it is way up the chain above the user generated rules.
At least using pfctl -vvsr lets me see what is REALLY going on. I love the GUI, but sometimes there is nothing better than a good old fashioned terminal - as long as you know what to do with it (which can be a huge challenge).
-
Add your OWN rule there to block any IPv6 WITHOUT logging. ZOMG.
-
This question morphed, so as not to have two threads on the same topic…. I've answered here.
https://forum.pfsense.org/index.php?topic=124074.msg685263#msg685263
The key message of this thread for anyone is:
Use the shell and look at pfctl -vvsr output.
-
Yeah, the key answer to this thread is - add your own rule to block IPv6 as already told a zillion times. Done. Move on. Nothing else. 1 minute. Done.
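-
Added example (not part of the original thread and not pfSense code): a small sh helper that pulls the tracker ID out of a firewall log entry and prints the rule carrying that ID from `pfctl -vvsr`-style output, in the rule format quoted above. The function names and the second sample rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: map the tracker ID in a firewall log entry to its pf rule.

# Constructed sample standing in for `pfctl -vvsr` output. The first rule and
# its counters are the ones quoted in the thread; rule @62 (number, interface,
# label, counters) is invented here so the ID from the first post resolves.
sample_rules() {
cat <<'EOF'
@5(1000000003) block drop in log quick inet6 all label "Block all IPv6"
  [ Evaluations: 58461 Packets: 4893 Bytes: 1025925 States: 0 ]
@62(1483693418) block drop in log quick on em1 inet all label "USER_RULE: Default Block"
  [ Evaluations: 120 Packets: 7 Bytes: 420 States: 0 ]
EOF
}

# Print the tracker ID: the number in the first pair of parentheses.
tracker_from_log() {
    printf '%s\n' "$1" | sed -n 's/^[^(]*(\([0-9][0-9]*\)).*/\1/p'
}

# Read `pfctl -vvsr`-style text on stdin and print the rule whose tracker ID
# is $1, together with its counter lines. Returns 1 if no rule has that ID.
rule_for_tracker() {
    awk -v id="$1" '
        /^@[0-9]+\(/ {                 # header line of a rule: @N(tracker) ...
            show = (index($1, "(" id ")") > 0)
            if (show) found = 1
        }
        show { print }                 # header plus the lines that follow it
        END { exit(found ? 0 : 1) }
    '
}

# Log entry quoted in the thread. On the firewall itself, replace
# sample_rules with the real command:  pfctl -vvsr | rule_for_tracker "$id"
line='Jan 17 17:36:49 WAN Block all IPv6 (1000000003) [fe80::2fc:8dff:fe24:8b32] [ff02::1] ICMPv6'
id=$(tracker_from_log "$line")
sample_rules | rule_for_tracker "$id"
```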