Confused, pls help

  • When I am trying top analyze FW logs and see something like this
      how can I correlate to what exact rule caused it?

  • It's the "Default deny rule IPv4" as shown.

    That is an invisible rule on the bottom of the rule set on any pfSense interface, which blocks any IPv4 packets. So any packets which are not match a rule above are blocked by this rule.

    The same rule exists for IPv6 if you've activated it.

  • @viragomann
    why is it invisible ?  is it wan as well as on lan ?

  • @chudak:

    why is it invisible ?  is it wan as well as on lan ?

    In other quarters it's known as the implicit deny rule. I suppose it's invisible just to tell you it's there whether you want it or not. It's customary of firewalls and filter lists, the rules are executed from top to bottom so:

    Allow this  (yours created rule)
    Allow that (yours created rule)
    Implicit Deny

    The Implicit Deny rule is applied both ways.

  • It is a default firewall behaviour to block any traffic which is not explicit allowed by a firewall rule. So there is no need to put a visible rule to the rule set.
    To handle that behaviour by a rule makes it possible to log the actions and to find the responsible rule.

    Logging of the default deny rule can be configured in the log settings.

    Such rule is added to any interface on pfSense.

  • thank you all!

Log in to reply