Netgate Discussion Forum

    Confused, pls help

    General pfSense Questions
    6 Posts 3 Posters 806 Views
    • chudak

      When I am trying to analyze FW logs and see something like this https://snag.gy/Tap7JF.jpg
        how can I correlate to what exact rule caused it?

      • viragomann

        It's the "Default deny rule IPv4" as shown.

        That is an invisible rule at the bottom of the rule set on any pfSense interface, which blocks any IPv4 packets. So any packets which do not match a rule above are blocked by this rule.

        The same rule exists for IPv6 if you've activated it.

        • chudak

          @viragomann
          Why is it invisible? Is it on WAN as well as on LAN?

          • SammyWoo

            @chudak:

            @viragomann
            Why is it invisible? Is it on WAN as well as on LAN?

            In other quarters it's known as the implicit deny rule. I suppose it's invisible just to tell you it's there whether you want it or not. It's customary for firewalls and filter lists; the rules are executed from top to bottom, so:

            Allow this (your created rule)
            Allow that (your created rule)
            Implicit Deny

            The Implicit Deny rule is applied both ways.

            • viragomann

              It is default firewall behaviour to block any traffic which is not explicitly allowed by a firewall rule. So there is no need to put a visible rule in the rule set.
              Handling that behaviour with a rule makes it possible to log the actions and to find the responsible rule.

              Logging of the default deny rule can be configured in the log settings.

              Such a rule is added to any interface on pfSense.

              • chudak

                thank you all!
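
The behaviour described in this thread, as an added example that is not part of the original posts and is not pfSense's own code: a simplified model of top-to-bottom, first-match rule evaluation with the implicit deny rules at the bottom, showing which rule label ends up in a block log entry. The "Default deny rule IPv4" label is the one quoted in the thread; the IPv6 label, the sample rules, the addresses and the function names are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    label: str                   # description that appears in the firewall log
    action: str                  # "pass" or "block"
    src: str                     # source network (CIDR)
    dst: str                     # destination network (CIDR)
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, src, dst, dport):
        # An address of the other IP version is never "in" the network.
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, dport))

# Implicit rules at the bottom of every interface's rule set (IPv6 label assumed).
DEFAULT_DENY = [Rule("Default deny rule IPv4", "block", "0.0.0.0/0", "0.0.0.0/0"),
                Rule("Default deny rule IPv6", "block", "::/0", "::/0")]

def evaluate(user_rules, src, dst, dport):
    """Return (action, label) of the first rule that matches, top to bottom."""
    for rule in list(user_rules) + DEFAULT_DENY:
        if rule.matches(src, dst, dport):
            return rule.action, rule.label
    raise ValueError("source and destination are not the same IP version")

def blocked_log(user_rules, packets):
    """Log-style lines for blocked packets, each naming the responsible rule."""
    lines = []
    for src, dst, dport in packets:
        action, label = evaluate(user_rules, src, dst, dport)
        if action == "block":
            lines.append(f'block {src} -> {dst}:{dport} rule="{label}"')
    return lines

# Constructed LAN rule set and traffic (private and documentation address ranges).
LAN_RULES = [
    Rule("Block LAN to management net", "block", "192.168.1.0/24", "192.168.100.0/24"),
    Rule("Allow LAN HTTPS", "pass", "192.168.1.0/24", "0.0.0.0/0", 443),
]
PACKETS = [
    ("192.168.1.10", "198.51.100.7", 443),   # passes: "Allow LAN HTTPS"
    ("192.168.1.10", "192.168.100.5", 443),  # blocked by the explicit rule above it
    ("192.168.1.10", "198.51.100.7", 25),    # no user rule matches
    ("2001:db8::10", "2001:db8:1::1", 443),  # no IPv6 user rule at all
]

if __name__ == "__main__":
    print("\n".join(blocked_log(LAN_RULES, PACKETS)))
```

A block entry carrying a user rule's label points at that rule; an entry carrying a default deny label means no rule above it matched the packet.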

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.