4. Logging default deny and suppressing certain alerts in default deny

Logging default deny and suppressing certain alerts in default deny

  • A

    I have lately re-setup my pfsense server, then got caught up in the 2.4 upgrade cycle. Luckily 2.4 upgrade just worked!

    Anyway - I like to log the default deny alerts in the firewall logs, then I can see any issues and fix rules if required. However, certain alerts once I have seen and don't care about I like to suppress. For example UDP on port 5353 keeps spamming the logs. I like to suppress logging of this if I can.

    I tried a floating rule with a block and immediate match and not to log but the logs still have this. Is there a way of doing this?

    Or do people have different 'workflow' ?

    0
  • V

    I have a "block all" at the end of my rules(at the bottom) with logging enabled…I have never tried what you are saying, but if I did I would try setting up a few rules just before my last "block all". In those rules I would turn logging "Off", those rules would consist of the logs I don't want to see...

    i.e.

    1. All my rules
    2. "...certain alerts once I have seen and don't care about.." "block" rules with logging "Off"
    3. "block all" rule with logging "ON"

    I would try using aliases in my rule #2 so my rules don't get too many…don't screw it up and make rule 2 or 3 "Allow"!

    Just my 2 cents, open to feedback, alternatives and rude remarks from the community if my suggestion is wrong!

    V

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy