Reject is reported a block in log
-
ALIX 2D3 LX800
on a 4GB CF Card:
pfSense-2.0-RC1-2g-i386-20110226-1633-nanobsd.img.gzupdated to:
2.0-RC1 (i386)
built on Wed Mar 23 10:22:32 EDT 2011WAN (wan) -> pppoe0 -> zzz.zzz.zzz.246 (PPPoE)
LAN (lan) -> vr1 -> 192.168.45.1
OPT1 (opt1) -> vr2 -> 192.168.46.1Configuration by hand from factory default. (Not a restore from 1.2.3 as I swapped some cables.)
I believe that I have configured a reject (not block) for UDP packets from a specific address. I am using 1:1 NAT on a PPPoE WAN with a /29 subnet (zzz.zzz.zzz.240 - zzz.zzz.zzz.247 with 241 to 244 NATted, pfSense router at 246)
Firewall Rules: WAN
reject (yellow icon)
Proto: UDP
Source: yyy.yyy.yyy.202
Destination: gx620 (alias for 192.168.45.5)
Description: rejected UDPWith the above rule the firewall log is showing a block, not a reject.
@45 block return in log quick on pppoe0 reply-to (pppoe0 xxx.xxx.xxx.145) inet proto udp from yyy.yyy.yyy.202 to gx620:1label "USER_RULE: rejected UDP"
The rules are showing reject, the log reporting block. Have I configured or interpreted something incorrectly or is there a problem here ?</gx620:1>
-
A reject is a block + a icmp packet returned.
The interface of pfSense tries to make that simple but the application behind used for this, pf(4), knows reject as a 'block return'. -
Thank you. That answers the question. Now I know to look for 'block return' in the firewall log for rejected packets.
As a newbie I naively expected the formatted log to show yellow 'rejected' icons and to have 'rejected' as the hover text.
-
The reject showing in the logs really only works for TCP connections which do support a reset in that way. UDP handles it as ermal describes, and other protocols can't use reject at all.