Firewall logging is logging things that aren't supposed to be logged

  • I've got an odd issue.  I've got a single firewall rule that is set to log.  The rule is that when any machine not a part of a MailHosts alias tries to connect to port 25 on a non-local server, the connection is blocked and logged.  I would expect then that the only entries in my firewall log would be those that are a machine connecting to a remote server on port 25.

    Instead, I'm getting my logs filled with entries for a single system that is connecting via passive ftp to a remote server (one of mine), with destination ports > 50000.

    The icon next to the log entry is the little green arrow, implying that the traffic is being logged but not blocked.  When I click on the little arrow, it tells me "The rule that triggered this action is:" and then doesn't say anything.


  • Make sure your interface isn't in promiscuous mode, this can sometimes happen when you install some packages, often traffic monitoring/analysis packages.

    In the shell you can run ifconfig, check the relevant interface doesn't have "PROMISC" in the flags section.

  • Rebel Alliance Developer Netgate

    The ftp proxy logs allowed connections, that is likely what you are seeing in the log.

Log in to reply