Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Logging traffic on rule even if logging is switched off for the current rule

    Scheduled Pinned Locked Moved 1.2.3-PRERELEASE-TESTING snapshots - RETIRED
    1 Posts 1 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      eskild
      last edited by 

      
Using: pfSense-Full-Update-1.2.3-20090407-0949.tgz.gz

The following is logged on syslog and in "Diagnostics: System logs: Firewall" when "Show raw filter logs" is enabled. If "Show raw filter logs" is disabled, the entry is only visible on the syslog server:

pf: 7\. 969869 rule 204/8(ip-option): pass in on rl0: (tos 0x0, ttl 54, id 78, offset 0, flags [DF], proto TCP (6), length 313, options (EOL)) xx.xxx.xxx.xx.50039 > 192.168.123.29.61456: P 0:257(257) ack 1 win 33120 <nop,nop,timestamp 0="" 7120472="">The logging for this rule is not enabled:

 <rule><type>pass</type>
			<interface>wan</interface>
			 <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
			 <os><protocol>tcp/udp</protocol>
			<source>
				 <any><destination><address>192.168.123.29</address>

				<port>61456</port></destination></any></os></statetimeout></max-src-states></max-src-nodes></rule> 

I have not noticed this behaviour for other rules.

Besides this, thank you for this excellent firewall.</nop,nop,timestamp>
      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.