Netgate Discussion Forum

    Help with understanding firewall log

    Firewalling
    5 Posts 2 Posters 1.8k Views

    Highroller

      Hello,

      I have been running pfSense for the past 6 months. It does a great job, and I have come a long way with my understanding of how to implement the system. I am still learning and have a couple of (firewall for dummies) questions regarding my firewall logs. For example, let's say in my log ACT = a red X: does this mean that on that interface the "Source IP" tried to connect to the "Destination IP" but was blocked from connecting? Next, the same question, only this time ACT = a green arrow: does this mean that on that interface the "Source IP" tried to connect to the "Destination IP" and was allowed to connect? I assume this is how it reads; am I correct?

      Thanks for your help

      Nachtfalke

        You are right.

        The ACT shows you what happens with this connection. RED means this connection was blocked and GREEN that it was allowed.

        Highroller

          @Nachtfalke:

          You are right.

          The ACT shows you what happens with this connection. RED means this connection was blocked and GREEN that it was allowed.

          That's what I thought!

          Is it safe to say that an interface with "NO" rules means everything incoming and outgoing is blocked? If that is the case, then only rules that are set to "PASS" will allow an incoming or outgoing connection! I hope I'm understanding this correctly.

          Thanks for your reply

          Nachtfalke

            No.

            If there is no rule on the LAN interface, there is an invisible rule "block any to any". This means that no traffic INITIATED FROM LAN TO PFSENSE/anywhere else is allowed. But this does not mean that someone from another interface could not connect to this LAN (if there is a rule on the other interface which allows this).

            Example:
            If you have LAN1 and there is no rule (all is blocked from this LAN1) and
            if you have LAN2 and there is a rule allowing everything.

            Then it is NOT possible for clients in LAN1 to connect to LAN2 or anywhere else, BUT
            it is possible for clients on LAN2 to connect to LAN1 and anywhere else.

            So if you want to block access TO LAN1 FROM LAN2, then you have to put a block rule on LAN2 with destination LAN1.

            And always remember: rules on the firewall are applied from TOP to BOTTOM.

            Have fun :-)

            Highroller
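            The two points made in this thread (an interface with no rules falls through to an implicit "block any to any" for traffic entering that interface, and rules are evaluated top to bottom with the first match winning) can be checked with a small model. The following is an added illustration written for this page, not pfSense code: it models rules as belonging to the interface where a packet enters the firewall, reproduces the LAN1/LAN2 example above, and renders the result the way the log view in the first post reads (red X = blocked, green arrow = passed). The subnets 192.0.2.0/24, 198.51.100.0/24 and the host 203.0.113.5 are constructed documentation ranges; the `build_example` helper and its parameters are assumptions of this model only.

```python
"""Toy model of per-interface, first-match firewall rule evaluation.

Constructed illustration, not pfSense code. Assumptions of the model:
- a rule set belongs to the interface a packet ENTERS on
- rules are evaluated top to bottom, first match wins
- if nothing matches, an implicit "block any to any" applies
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    action: str          # "pass" or "block"
    src: str = "any"     # CIDR or "any"
    dst: str = "any"     # CIDR or "any"
    descr: str = ""

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return _in(self.src, src_ip) and _in(self.dst, dst_ip)


def _in(net: str, ip: str) -> bool:
    return net == "any" or ip_address(ip) in ip_network(net)


class Firewall:
    def __init__(self, interfaces: dict[str, tuple[str, list[Rule]]]):
        # interface name -> (its subnet, its rule list in top-to-bottom order)
        self.interfaces = interfaces

    def ingress_interface(self, src_ip: str) -> str:
        # A packet is matched on the interface it enters: the one whose subnet holds the source.
        for name, (subnet, _rules) in self.interfaces.items():
            if ip_address(src_ip) in ip_network(subnet):
                return name
        raise ValueError(f"no interface holds {src_ip}")

    def evaluate(self, src_ip: str, dst_ip: str) -> tuple[str, str, str]:
        """Return (interface, action, reason) for a new connection src_ip -> dst_ip."""
        iface = self.ingress_interface(src_ip)
        for rule in self.interfaces[iface][1]:   # top to bottom, first match wins
            if rule.matches(src_ip, dst_ip):
                return iface, rule.action, rule.descr
        return iface, "block", "implicit default deny (no rule matched)"


def log_line(iface: str, action: str, src_ip: str, dst_ip: str) -> str:
    # Mirrors how the thread reads the log view: red X = blocked, green arrow = passed.
    symbol = "green arrow" if action == "pass" else "red X"
    return f"ACT={action} ({symbol}) IF={iface} SRC={src_ip} DST={dst_ip}"


# Constructed documentation ranges (RFC 5737), standing in for two LANs and an Internet host.
LAN1 = "192.0.2.0/24"
LAN2 = "198.51.100.0/24"
INTERNET_HOST = "203.0.113.5"


def build_example(block_lan2_to_lan1: bool = False, block_rule_first: bool = True) -> Firewall:
    """LAN1 has no rules at all; LAN2 has a pass-all rule, optionally with a block rule for LAN1.

    block_rule_first controls whether the block rule sits ABOVE the pass-all rule (works)
    or BELOW it (never reached, because the pass-all rule matches first).
    """
    lan2_rules = [Rule("pass", descr="LAN2 allow everything")]
    if block_lan2_to_lan1:
        block = Rule("block", dst=LAN1, descr="block LAN2 -> LAN1")
        lan2_rules = [block] + lan2_rules if block_rule_first else lan2_rules + [block]
    return Firewall({"LAN1": (LAN1, []), "LAN2": (LAN2, lan2_rules)})


if __name__ == "__main__":
    fw = build_example(block_lan2_to_lan1=True)
    for src, dst in [("192.0.2.10", "198.51.100.20"),   # LAN1 -> LAN2: no rule on LAN1, blocked
                     ("198.51.100.20", "192.0.2.10"),   # LAN2 -> LAN1: hits the block rule
                     ("198.51.100.20", INTERNET_HOST)]: # LAN2 -> Internet: hits pass-all
        iface, action, why = fw.evaluate(src, dst)
        print(log_line(iface, action, src, dst), "-", why)
```

            Two things the model makes visible that are easy to get wrong in practice: the block rule for LAN1 only takes effect if it is placed above the pass-all rule on LAN2 (`block_rule_first=False` shows it being shadowed and never matching), and the model only decides the first packet of a new connection. The real firewall is stateful, so once a LAN2 client is allowed to connect into LAN1 the reply packets from LAN1 are passed by the existing state, not by any rule on LAN1, which is why "INITIATED FROM" is the operative phrase above.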

              @Nachtfalke:

              No.

              If there is no rule on the LAN interface, there is an invisible rule "block any to any". This means that no traffic INITIATED FROM LAN TO PFSENSE/anywhere else is allowed. But this does not mean that someone from another interface could not connect to this LAN (if there is a rule on the other interface which allows this).

              Example:
              If you have LAN1 and there is no rule (all is blocked from this LAN1) and
              if you have LAN2 and there is a rule allowing everything.

              Then it is NOT possible for clients in LAN1 to connect to LAN2 or anywhere else, BUT
              it is possible for clients on LAN2 to connect to LAN1 and anywhere else.

              So if you want to block access TO LAN1 FROM LAN2, then you have to put a block rule on LAN2 with destination LAN1.

              And always remember: rules on the firewall are applied from TOP to BOTTOM.

              Have fun :-)

              Great explanation and example! Got it!

              Thank You!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.