Netgate Discussion Forum

    Firewall Rule Logging (for PERMIT Rule)

    General pfSense Questions
    5 Posts 2 Posters 409 Views
    • anengelsen (last edited by anengelsen)

      I have a firewall (pass/allow) rule that has logging enabled.

      [Screenshot: Screen Shot 2020-05-06 at 1.31.40 PM.png]

      However, when I go to the firewall log monitor I am unable to locate the (permit) rule. Currently my firewall log is only showing denied traffic.

      [Screenshot: Screen Shot 2020-05-06 at 10.18.01 AM.png]

      Can anyone shed some light on the situation? Thanks!

      • stephenw10, Netgate Administrator

        Nothing has matched the rule since the change.

        If that traffic is passing then either some other rule is passing it or you still have states open from before you added logging so the new rule has not applied yet.

        Steve

        • anengelsen @stephenw10

          @stephenw10 This traffic originates from the WAN port (because AWS is the source).

          I only have (2) pass/permit rules on the WAN interface. As such, I can safely say that no other firewall rule is capturing (and allowing) the traffic.

          [Screenshot: Screen Shot 2020-05-07 at 2.17.10 PM.png]

          To rule out the "open state" theory, I rebooted the pfSense box. After applying filters to the Firewall Log I am (still) told: "no logs to display".

          • stephenw10, Netgate Administrator (last edited by stephenw10)

            Hmm, well you can see that rule has created states so those should have been logged.

            Is the firewall logging anything at all? Sometimes logging can stop entirely if something else has broken it.

            Is it logging so many blocks that those pass logs are being cycled out of the logs before you filter for them? Like if you are seeing a DoS attack.

            Steve

            • anengelsen @stephenw10
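            One way to check the two points raised above (whether any pass entries for the rule exist at all, and how narrow a time window the retained log actually covers) is to read the raw filter log instead of the GUI filter. The following is an added example, not code from this thread or from pfSense; the sample lines are constructed, the tracker IDs and interface name are placeholders, and the field positions follow the pfSense filterlog CSV layout (rule number, sub-rule, anchor, tracker, interface, reason, action, direction, IP version, then the IPv4 header fields, source and destination).

```python
"""Summarise pfSense filterlog lines by interface/action and rule tracker ID."""
import re
from collections import Counter

# Constructed sample in the shape of /var/log/filter.log lines (syslog prefix
# followed by the filterlog CSV). Two blocks from a deny rule and one pass on a
# WAN rule whose tracker ID is the placeholder 1588778473.
SAMPLE_LOG = """\
May  7 14:17:10 pfsense filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,203.0.113.9,198.51.100.2,51523,23,0,S,123,,65535,,mss
May  7 14:17:11 pfsense filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,0,0,DF,17,udp,80,203.0.113.10,198.51.100.2,5060,5060,60
May  7 14:17:12 pfsense filterlog: 93,,,1588778473,igb0,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,192.0.2.25,198.51.100.2,40112,443,0,S,456,,65535,,mss
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ filterlog: (?P<csv>.*)$")


def parse_line(line):
    """Return a dict of the common fields (plus IPv4 src/dst) or None if not a filterlog line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    rec = {"ts": m.group("ts"), "rulenr": f[0], "tracker": f[3], "iface": f[4],
           "action": f[6], "dir": f[7], "ipver": f[8]}
    if rec["ipver"] == "4" and len(f) > 19:
        rec["proto"], rec["src"], rec["dst"] = f[16], f[18], f[19]
    return rec


def summarise(text):
    """Count entries per (interface, action), list trackers that produced pass
    entries, and report the time span the log still covers (a very short span
    with only blocks suggests pass entries are being cycled out)."""
    recs = [r for r in map(parse_line, text.splitlines()) if r]
    return {
        "total": len(recs),
        "first": recs[0]["ts"] if recs else None,
        "last": recs[-1]["ts"] if recs else None,
        "actions": dict(Counter((r["iface"], r["action"]) for r in recs)),
        "pass_trackers": dict(Counter(r["tracker"] for r in recs if r["action"] == "pass")),
    }


def pass_entries_for(text, tracker):
    """Pass entries attributed to one rule's tracker ID; empty means the rule never logged."""
    return [r for r in map(parse_line, text.splitlines())
            if r and r["action"] == "pass" and r["tracker"] == tracker]


if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
    print(pass_entries_for(SAMPLE_LOG, "1588778473"))
```

On a live box the same functions can be fed the output of clog /var/log/filter.log (or the plain file on newer releases), and the tracker ID for a rule is visible in the rule's edit page.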

              @stephenw10 pfSense is definitely logging events (within the Firewall log view).

              Currently, the log is only showing the denied traffic.

              Based on the timestamps, it looks like I am not encountering a DoS attack.

              [Screenshot: Screen Shot 2020-05-07 at 4.32.04 PM.png]

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.