Disable logging of default deny
-
I wanted to turn off "default deny" logging so I created a rule at the end of the rule set denying all source to all destination on all ports and protocols. Rule is set to not log. Yet, "default deny" still logs.
This solution was suggested here: https://forum.netgate.com/topic/10505/disable-logging-of-default-deny-rule
-
@peterlecki if you don't want to log default, then just turn it off.
In the system logs settings
What exactly was being logged that you don't want to see? Keep in mind while that might not log IPv4, you could still be logging out of state traffic, etc.
Where exactly did you place that rule? It doesn't even show that it's being evaluated as of yet, see the 0/0 B means nothing has triggered that rule.
-
@johnpoz
That rule was at the very end of the rule set. I only made it because I saw that suggested in another thread. I was hoping for such a setting that you pointed out that the previous threads I read were not aware of so thank you for this.
-
@peterlecki creating a rule at the end that blocks and does not log can work for some traffic. But that rule, for example, wouldn't stop out of state traffic. It wouldn't stop IPv6 traffic.
Which is why I asked to see what you were actually seeing in the logs.
And are you seeing that rule evaluated - because again, what you posted shows 0/0, which means that rule was never evaluated to not even not log something.