? for pfsense Developers

  • Do you think its possible to make the the Pfsense 2.0 Status: System logs: Firewall
    page look like and display the information that is listed in the attachment below.

    or if not maybe some can create a  Dashboard Widget


  • Rebel Alliance Developer Netgate

    No, because that is a log from something sniffing the actual traffic, not a firewall log.

    You're after something like squid that can read the data from inside the packets and log where people go.

    Or at the very least a package for something like urlsnarf that can just read/log and not proxy. That would be a bit of work though, not something people are jumping all over themselves to volunteer to code. :-)

  • jimp look at the last 2 couldn't Pfsense 2.0 Status: System logs: Firewall
    page be able to display the domain/URL as well as IP address something like

    Destination          cc        domain/URL    GB        ad.yieldmanager.com

    it would make stuff a lot easier for people who don't use squid.

  • Rebel Alliance Developer Netgate


    All you know is the IP from the firewall log - at best you can guess the country with something like GeoIP but it's just a guess - you cannot get the URL unless you luck out and find that the IP actually reverse resolves to something meaningful.

    Many sites are hosted as virtual hosts, so there are 10, 100, 1000 "URLs" on a single IP address. The only way to know the URL is to sniff/proxy the traffic. You cannot get that from the IP.

    To do reverse DNS on the entire firewall log would take far too long to be practical, even just the part shown in the GUI. There is already a link (a little i) that will take you to Diagnostics > DNS with that IP if you really want to do a reverse lookup.

Log in to reply