Logging traffic on rule even if logging is switched off for the current rule



  • 
    Using: pfSense-Full-Update-1.2.3-20090407-0949.tgz.gz
    
    The following is logged on syslog and in "Diagnostics: System logs: Firewall" when "Show raw filter logs" is enabled. If "Show raw filter logs" is disabled, the entry is only visible on the syslog server:
    
    pf: 7. 969869 rule 204/8(ip-option): pass in on rl0: (tos 0x0, ttl 54, id 78, offset 0, flags [DF], proto TCP (6), length 313, options (EOL)) xx.xxx.xxx.xx.50039 > 192.168.123.29.61456: P 0:257(257) ack 1 win 33120 <nop,nop,timestamp 0 7120472>
    
    The logging for this rule is not enabled:
    
    <rule>
    	<type>pass</type>
    	<interface>wan</interface>
    	<max-src-nodes/>
    	<max-src-states/>
    	<statetimeout/>
    	<statetype>keep state</statetype>
    	<os/>
    	<protocol>tcp/udp</protocol>
    	<source>
    		<any/>
    	</source>
    	<destination>
    		<address>192.168.123.29</address>
    		<port>61456</port>
    	</destination>
    </rule>
    
    I have not noticed this behaviour for other rules.
    
    Besides this, thank you for this excellent firewall.
    
