Super Dumb Question re Logs

  • Been having 'issues' with IPSec so have been paying more attention to the firewall log than usual - and I have come to a conclusion.

    I have no idea how to link a log entry to a particular rule  … I mean rule 179 doesn't exactly tell me much - given that none of my rules have numbers.

    i.e. pf: 124. 995672 rule 179/0(match): block in on ng0:

    sure I know it was blocked, sure I can even identify the IP Addresses and there is a short 'description' i.e igmp query v2 but thats it ....

    This is just an example of the problem for me - can somebody please explain this stuff ...  pf: 124. 995672 rule 179/0(match)

    And tell me how to identify the 'rule' that it thinks matches.

  • Rebel Alliance Developer Netgate

    If you view the logs in the gui, click the red "x" icon and it will show a window with the rule.

    From the CLI, use the output of "pfctl -vvsr"

  • I am looking from the web interface and …. what red cross ?????

    There are no red crosses anywhere on my log window.

    And then I changed the view .... there is the red cross on the simple view .... when viewing in raw format there is no red cross - and I've only been using pFsense 2 years  :-[