Logging default rules
  • I have pfSense 1.2.2 and a separate syslog server. I am using the Squid plugin. I have set every user-generated rule to be logged (which is working fine).

    None of the things Squid fetches are showing up in my logs. I think the problem is that /etc/inc/filter.inc creates a bunch of default rules (usually labelled "let out anything from firewall rule itself") which are not logged. Is there a clean way to log these rules?

    I guess I could edit /etc/inc/filter.inc itself, but that will break as soon as I upgrade (which will be really soon now, because I am a release behind). I am also reluctant to mess too much with filter.inc in fear of breaking something. Is there a better way to make logging happen?

    I am also a little worried about unleashing a logging avalanche because a firewall rule triggers and localhost sends a message to my syslog server. Since that is also a packet, it will also be logged, but that will in turn send more output to the syslog server. What is the best way to avoid this sort of thing? Should I make an unlogged user rule allowing access to my syslog server?
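The rule ordering the question is circling around, written out as an added pf ruleset example (not from the original post and not pfSense's generated filter.inc rules); the interface name and the firewall and syslog server addresses are placeholders:

```pf
# Added example pf.conf fragment; not pfSense's own generated ruleset.
# Placeholders: em0 is the egress interface, 192.0.2.10 is the firewall's
# own address, 192.0.2.250 is the syslog server listening on UDP/514.
fw_self       = "192.0.2.10"
syslog_server = "192.0.2.250"

# Loop risk: if every outbound packet from the firewall itself is logged,
# each syslog datagram carrying a log line is itself a packet that matches
# the logged rule, which emits another log line, and so on.
#
# pf evaluates rules last-match-wins unless a rule says "quick", so the
# unlogged syslog rule must come first AND be quick; otherwise the logged
# catch-all below would still be the final match for syslog traffic.
pass out quick on em0 proto udp from $fw_self to $syslog_server port 514

# Everything else the firewall host itself sends out is logged. This keeps
# the intent of the unlogged "let out anything from firewall" default rule
# but adds the log keyword, so outbound fetches made by Squid (which
# originate from the firewall's own address) now show up in the logs.
pass out log on em0 from $fw_self to any
```

Reading the counters with `pfctl -vsr` after loading the rules shows whether the quick syslog rule is the one absorbing the UDP/514 traffic, which is the check that the loop is actually closed.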
