Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Default deny - strange behavior

    Firewalling
    3
    4
    279
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      Laplacian
      last edited by

      I have several VLANs set up with rules that allow outbound any/any to internet.
      968d972b-9f55-4ea7-995c-7083471ba87d-image.png
      or
      0b61bff4-e702-475b-83b1-e937efd59829-image.png
      These VLANs work as expected (I think), but I am noticing that there are logs that show traffic is blocked to some random internet IP (usually something in AWS or google).

      cb0186a0-2174-46f4-a20a-ae75f582765d-image.png

      or
      fddb2745-39a5-4b3b-b57d-1a0d7b2c16e4-image.png

      Why is default deny kicking in here? I am explicitly allowing outbound traffic to the internet on these interfaces (per my rules above).

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @Laplacian
        last edited by

        @laplacian see if this is it:
        https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html

        We usually just disable logging of the default block rules, unless troubleshooting something.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 0
        • L
          Laplacian
          last edited by

          @steveits Okay, that's probably it. And now I'm able to search and see many others have had the same concern. Is there a way to suppress these other than disabling the logging for the default deny?

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @Laplacian
            last edited by

            @laplacian those are all out of state.. yeah if your logging default you will see those.

            I also disable default logging and only log syn and common udp ports.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.03 | Lab VMs 2.7.2, 24.03

            1 Reply Last reply Reply Quote 0
            • First post
              Last post