Netgate Discussion Forum

    Logging default deny and suppressing certain alerts in default deny

      ak

      I have lately re-set up my pfSense server, then got caught up in the 2.4 upgrade cycle. Luckily the 2.4 upgrade just worked!

      Anyway, I like to log the default deny alerts in the firewall logs; then I can see any issues and fix rules if required. However, certain alerts, once I have seen them and don't care about them, I like to suppress. For example, UDP on port 5353 keeps spamming the logs. I'd like to suppress logging of this if I can.

      I tried a floating rule with a block and immediate match and not to log, but the logs still have this. Is there a way of doing this?

      Or do people have a different 'workflow'?

        Velcro

        I have a "block all" at the end of my rules (at the bottom) with logging enabled… I have never tried what you are saying, but if I did I would try setting up a few rules just before my last "block all". In those rules I would turn logging "Off"; those rules would consist of the logs I don't want to see...

        i.e.

        1. All my rules
        2. "...certain alerts once I have seen and don't care about.." "block" rules with logging "Off"
        3. "block all" rule with logging "ON"

        I would try using aliases in my rule #2 so my rules don't get too many… don't screw it up and make rule 2 or 3 "Allow"!

        Just my 2 cents, open to feedback, alternatives and rude remarks from the community if my suggestion is wrong!

        V

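The three-tier ordering suggested in the reply above, modelled as an added Python example (not code from the thread or from pfSense). It assumes top-down, first-match evaluation as on a pfSense interface rules tab; the `Rule` class, rule sets and packets are constructed for illustration, and the model goes slightly beyond the thread by also showing a silent rule that is placed too late or scoped too narrowly.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:                                # hypothetical model of one firewall rule
    action: str                            # "pass" or "block"
    log: bool                              # does a match write a firewall log entry?
    proto: str = "any"                     # "tcp", "udp" or "any"
    dst_ports: frozenset = frozenset()     # empty = any port (stands in for a port alias)
    dst_net: str = "any"                   # "any" or a CIDR network

    def matches(self, pkt):
        if self.proto != "any" and self.proto != pkt["proto"]:
            return False
        if self.dst_ports and pkt["dport"] not in self.dst_ports:
            return False
        # A v4 network never contains a v6 address (and vice versa).
        return self.dst_net == "any" or ip_address(pkt["dst"]) in ip_network(self.dst_net)

def evaluate(rules, pkt):
    """Assumed first-match semantics: return (action, logged) of the first matching rule."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.log
    return "block", True                   # assumption: default deny with logging on

def logged_blocks(rules, packets):
    """Packets that would still show up as blocked entries in the firewall log."""
    return [(p["dst"], p["dport"]) for p in packets if evaluate(rules, p) == ("block", True)]

NOISE_PORTS = frozenset({5353})            # alias of traffic already reviewed (constructed)
ALLOW_HTTPS = Rule("pass", log=False, proto="tcp", dst_ports=frozenset({443}))
SILENT_BLOCK = Rule("block", log=False, proto="udp", dst_ports=NOISE_PORTS)
BLOCK_ALL = Rule("block", log=True)

SUGGESTED = [ALLOW_HTTPS, SILENT_BLOCK, BLOCK_ALL]   # 1. rules, 2. silent blocks, 3. block all
TOO_LATE = [ALLOW_HTTPS, BLOCK_ALL, SILENT_BLOCK]    # silent rule below block all: never reached
V4_ONLY = [ALLOW_HTTPS,                              # silent rule scoped to IPv4 multicast only
           Rule("block", log=False, proto="udp", dst_ports=NOISE_PORTS, dst_net="224.0.0.0/4"),
           BLOCK_ALL]

PACKETS = [                                # constructed sample traffic
    {"proto": "udp", "dst": "224.0.0.251", "dport": 5353},   # mDNS over IPv4
    {"proto": "udp", "dst": "ff02::fb", "dport": 5353},      # mDNS over IPv6
    {"proto": "tcp", "dst": "192.0.2.10", "dport": 23},      # unexpected traffic worth seeing
    {"proto": "tcp", "dst": "192.0.2.10", "dport": 443},     # allowed traffic
]

if __name__ == "__main__":
    for name, rules in (("suggested", SUGGESTED), ("too late", TOO_LATE), ("v4 only", V4_ONLY)):
        print(f"{name:10} -> logged blocks: {logged_blocks(rules, PACKETS)}")
```

In this model only the suggested ordering leaves the log with just the unexpected port 23 entry; the other two rule sets keep logging port 5353 traffic because the silent rule either is never reached or does not match the packet.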