Reject is reported as a block in log
ALIX 2D3 LX800
on a 4GB CF Card:
built on Wed Mar 23 10:22:32 EDT 2011
WAN (wan) -> pppoe0 -> zzz.zzz.zzz.246 (PPPoE)
LAN (lan) -> vr1 -> 192.168.45.1
OPT1 (opt1) -> vr2 -> 192.168.46.1
Configuration by hand from factory default. (Not a restore from 1.2.3 as I swapped some cables.)
I believe that I have configured a reject (not block) for UDP packets from a specific address. I am using 1:1 NAT on a PPPoE WAN with a /29 subnet (zzz.zzz.zzz.240 - zzz.zzz.zzz.247 with 241 to 244 NATted, pfSense router at 246).
Firewall Rules: WAN
reject (yellow icon)
Destination: gx620 (alias for 192.168.45.5)
Description: rejected UDP
With the above rule the firewall log is showing a block, not a reject.
@45 block return in log quick on pppoe0 reply-to (pppoe0 xxx.xxx.xxx.145) inet proto udp from yyy.yyy.yyy.202 to <gx620:1> label "USER_RULE: rejected UDP"
The rules are showing reject, the log reporting block. Have I configured or interpreted something incorrectly or is there a problem here?
A reject is a block + an ICMP packet returned.
The interface of pfSense tries to make that simple but the application used behind it for this, pf(4), knows reject as a 'block return'.
Thank you. That answers the question. Now I know to look for 'block return' in the firewall log for rejected packets.
As a newbie I naively expected the formatted log to show yellow 'rejected' icons and to have 'rejected' as the hover text.
The reject showing in the logs really only works for TCP connections which do support a reset in that way. UDP handles it as ermal describes, and other protocols can't use reject at all.
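The two answers above boil down to a mapping: what the GUI calls "reject" is pf's `block return` (a drop plus a TCP RST for TCP or an ICMP unreachable for UDP), while a plain "block" is pf's `block` / `block drop`. The following added example is not from the thread or from pfSense; it parses rule lines in the form quoted in the first post (the first sample line is that rule with its anonymised addresses, the other two are constructed here) and reports, per rule, whether the log entry you are looking at is a silent block or a reject and what the firewall sends back. The regexes and the `ParsedRule` structure are my own assumptions about the line format, not pfSense code.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample rule lines in the form pfSense shows when a log entry is
# traced back to its pf rule. The first mirrors the line quoted in the thread;
# the other two are made up for illustration.
SAMPLE_RULES = [
    '@45 block return in log quick on pppoe0 reply-to (pppoe0 xxx.xxx.xxx.145) '
    'inet proto udp from yyy.yyy.yyy.202 to <gx620:1> label "USER_RULE: rejected UDP"',
    '@46 block drop in log quick on pppoe0 inet proto tcp from any to <gx620> '
    'port = 22 label "USER_RULE: blocked SSH"',
    '@47 pass in log quick on vr1 inet proto tcp from 192.168.45.0/24 to any '
    'flags S/SA keep state label "USER_RULE: lan out"',
]

# Rule number, pf action (pass / block / block drop / block return[-rst|-icmp]),
# direction, then everything else.
RULE_RE = re.compile(
    r'^@(?P<num>\d+)\s+'
    r'(?P<action>pass|block(?:\s+(?:drop|return(?:-rst|-icmp6?)?))?)\s+'
    r'(?P<dir>in|out)\b(?P<rest>.*)$'
)
IFACE_RE = re.compile(r'\bon\s+(\S+)')
PROTO_RE = re.compile(r'\bproto\s+(\S+)')
LABEL_RE = re.compile(r'label\s+"([^"]*)"')


@dataclass
class ParsedRule:
    number: int
    action: str              # verbatim pf action, e.g. 'block return'
    verdict: str             # 'pass', 'block' (silent drop) or 'reject'
    direction: str
    interface: Optional[str]
    proto: Optional[str]
    label: Optional[str]
    response: Optional[str]  # what pf sends back to the sender on a reject


def classify(action: str, proto: Optional[str]) -> Tuple[str, Optional[str]]:
    """Map a pf action to the GUI's vocabulary and the response it generates."""
    if action == 'pass':
        return 'pass', None
    if not action.startswith('block return'):
        # 'block' and 'block drop' discard the packet without any reply
        return 'block', None
    # 'block return*' is what the pfSense GUI calls reject
    if proto == 'tcp':
        return 'reject', 'TCP RST'
    if proto == 'udp':
        return 'reject', 'ICMP port unreachable'
    # the GUI only offers reject for TCP and UDP (see the last post above)
    return 'reject', 'not applicable (reject is offered for TCP/UDP only)'


def parse_rule(line: str) -> ParsedRule:
    """Parse one '@N action dir ...' rule line; raise ValueError if it does not fit."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f'unrecognised rule line: {line!r}')
    rest = m.group('rest')
    iface = IFACE_RE.search(rest)
    proto = PROTO_RE.search(rest)
    label = LABEL_RE.search(rest)
    proto_name = proto.group(1) if proto else None
    verdict, response = classify(m.group('action'), proto_name)
    return ParsedRule(
        number=int(m.group('num')),
        action=m.group('action'),
        verdict=verdict,
        direction=m.group('dir'),
        interface=iface.group(1) if iface else None,
        proto=proto_name,
        label=label.group(1) if label else None,
        response=response,
    )


if __name__ == '__main__':
    for raw in SAMPLE_RULES:
        r = parse_rule(raw)
        print(f'@{r.number:<3} {r.action:<13} -> {r.verdict:<7} '
              f'on {r.interface} proto {r.proto} '
              f'reply={r.response or "none"}  [{r.label}]')
```

Run it as a script to see the three sample rules summarised; the first line prints as `@45 block return -> reject`, which is the answer to the original question: a "block return" entry in the log is the reject you configured.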