Logging default deny and suppressing certain alerts in default deny



  • I have lately re-set up my pfSense server, then got caught up in the 2.4 upgrade cycle. Luckily the 2.4 upgrade just worked!

    Anyway - I like to log the default deny alerts in the firewall logs, then I can see any issues and fix rules if required. However, certain alerts once I have seen and don't care about I like to suppress. For example UDP on port 5353 keeps spamming the logs. I like to suppress logging of this if I can.

    I tried a floating rule with a block and immediate match and not to log but the logs still have this. Is there a way of doing this?

    Or do people have a different 'workflow'?



  • I have a "block all" at the end of my rules (at the bottom) with logging enabled... I have never tried what you are saying, but if I did I would try setting up a few rules just before my last "block all". In those rules I would turn logging "Off"; those rules would consist of the logs I don't want to see...

    i.e.

    1. All my rules
    2. "...certain alerts once I have seen and don't care about.." "block" rules with logging "Off"
    3. "block all" rule with logging "ON"

    I would try using aliases in my rule #2 so my rules don't get too many... don't screw it up and make rule 2 or 3 "Allow"!

    Just my 2 cents, open to feedback, alternatives and rude remarks from the community if my suggestion is wrong!

    V
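
The ordering described in the reply, written out as the pf rules that pfSense generates from such a rule set. This is an added illustration, not code from either poster: on pfSense you build these entries under Firewall > Rules (with "Log packets" unchecked on the quiet block and checked on the final block), and the system regenerates the pf ruleset from its config, so this fragment is for reading, not for pasting into a file. The interface name `lan`, the macro `noisy_udp_ports` and the mDNS multicast destination are assumptions chosen for the example.

```pf
# Assumed interface name; substitute your own LAN interface.
# pfSense renders a port alias as a macro like this one; add further
# ports you have already reviewed and do not want logged.
noisy_udp_ports = "{ 5353 }"

# 1. Your normal pass rules come first (omitted here).

# 2. Quiet block: first match wins because of "quick", and there is
#    no "log" keyword, so mDNS chatter (UDP 5353, normally sent to the
#    224.0.0.251 multicast group) is dropped without a log entry.
block quick on lan inet proto udp from any to 224.0.0.251 port $noisy_udp_ports

# 3. Default deny with logging: everything that reached this point was
#    not matched above, so only genuinely unexpected traffic is logged.
block log quick on lan all
```

To confirm the quiet rule is actually catching the traffic rather than letting it fall through to the logged default deny, compare the per-rule counters with `pfctl -vvsr` (or Diagnostics > pfInfo in the GUI): the packet count on the UDP 5353 block should climb while the final `block log` rule stops accumulating those hits. As the reply warns, double-check that rules 2 and 3 are both "block" and not "pass" before saving.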