1. Home
  2. pfSense® Software
  3. Firewalling
  4. Logging default rules

Logging default rules

  • T

    I have pfsense 1.2.2 and a separate syslog server. I am using the Squid plugin. I have set every user-generated rule to be logged (which is working fine).

    None of the things Squid fetches are showing up in my logs. I think the problem is that /etc/inc/filter.inc creates a bunch of default rules (usually labelled "let out anything from firewall rule itself") which are not logged. Is there a clean way to log these rules?

    I guess I could edit /etc/inc/filter.inc itself, but that will break as soon as I upgrade (which will be really soon now, because I am a release behind). I am also reluctant to mess too much with filter.inc in fear of breaking something. Is there a better way to make logging happen?

    I am also a little worried about unleashing a logging avalanche because a firewall rule triggers and localhost sends a message to my syslog server. Since that is also a packet it will also be logged, but that will in turn send more output to the syslog server. What is the best way to avoid this sort of thing? Should I make an unlogged user rule allowing access to my syslog server?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy