States column
-
I am doing a review of my firewall rules and I have a question regarding the states column when looking at the rules list.
It shows X/X BI am a little confused with this.
I have done some reading that this is the amount traffic associated with a state. So that number will show 0/0B if there is no current state made using that rule. Does that mean that rule is not being used, or just that it is not being used at the time of viewing. When I look at my list of rules and see 0/0 B it makes me wonder if the traffic is being handled by a different rule that I am not expecting.Any clarification on this would be greatly appreciated.
Gord
-
That counter will reset for example if you reboot, or somehow reset the interface, etc.
But if you never see it show anything - then yeah that rule is most likely never seeing a trigger. The right X would show amount of traffic that has gone through that rule. The left X would show the active states for that rule.
So you might See say.. 23/7.44 MiB that is the current state on my lan rule - I had just rebooted this morning as I was walking out the door (update to current snap) but that is telling me there are currently 23 active states and total of 7.44 MB that has gone through the rule since counters were last reset.
Keep in mind that rules are evaluated top down, first rule to trigger wins no other rules are evaluated so if you have rule above that would trigger be it an allow or block its possible that you would never see anything on a rule because it is not placed correctly. This seems to be a very common issue with new users to pfsense not understanding the way rules are evaluated.. You see for example block rules below a any any rule, etc.
If you post up a screen shot of your rules, we can discuss if they are correct for what your wanting to do, etc. and why a rule might never see any hits.
-
Thanks. That helps. I am going to go over the rules and see what is going on. We had to make a lot of changes in a hurry recently so I need to clean things up now. We moved offices, and introduced VOIP at the same time. Lots of fun.