[SOLVED] Firewall log incorrectly logging permitted traffic to firewall log



  • After upgrading to "2.1-BETA0 (amd64) built on Fri Nov 2 10:50:14 EDT 2012", the firewall log shows a lot of permitted traffic between WAN and LAN.

    I have the default 'allow any outbound' on my LAN interface, with logging disabled.

    Nonetheless, the firewall log is showing a lot of permitted traffic between WAN and LAN, and when I click on the green 'pass' symbol on the firewall log page to see which rule allowed this traffic, the web page simply states 'The rule that triggered this action is:' and nothing else.

    I have not yet tried to reboot my pfSense (Need to find a service window first), but I was wondering if anyone else is seeing this?

    The only rule which I've enabled logging for is on my WAN interface which is related to a port forward.


  • Rebel Alliance Developer Netgate

    Some other things can result in logged passing depending on options, like UPnP.

    If the rule description came back empty, UPnP is also most likely as the rules are dynamic and they could have been removed by the time you spotted them in the log.



  • It seems you are correct jimp, thanks for spotting that.

    Any chance we can have the rule description state that this pass action was due to UPnP, NAT-PMP and so forth, to improve the usability/supportability?

    Thanks,
    A


  • Rebel Alliance Developer Netgate

    If the UPnP rule was still active when you check, it should show it there.

    If the UPnP rule was removed by the time you checked, there is nothing to show.

    There is no way to store the rule description with the log messages in that way. The descriptions are pulled dynamically based on the rule number stored in the log file, so with dynamic rules it's easy for them to get lost.

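To illustrate the lookup jimp describes, here is an added example (not pfSense or Netgate code) that resolves the rule number from a filterlog line against a snapshot of the currently loaded ruleset. The leading field layout (rulenr,subrulenr,anchor,tracker,iface,reason,action,dir,ipver) follows filterlog(8); the anchor name "miniupnpd" for dynamic UPnP/NAT-PMP rules, the sample log lines and the ruleset snapshot are all constructed for this demonstration. A rule in a dynamic anchor that is no longer loaded cannot be described, which is exactly the empty "The rule that triggered this action is:" case.

```python
"""Resolve filterlog rule numbers against a snapshot of the loaded pf ruleset.

Added example, not pfSense code. The leading fields of a filterlog line follow
filterlog(8): rulenr,subrulenr,anchor,tracker,iface,reason,action,dir,ipver,...
The dynamic anchor name, the sample log lines and the ruleset snapshot below are
constructed for this demonstration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumption: dynamic UPnP/NAT-PMP rules are loaded into their own anchor;
# the anchor name here is a placeholder for the demo.
DYNAMIC_ANCHORS = {"miniupnpd"}

# Snapshot of loaded rules: key = (anchor, rule number), value = rule description.
Ruleset = Dict[Tuple[str, int], str]


@dataclass
class LogEntry:
    rulenr: int
    anchor: str
    iface: str
    action: str
    direction: str


def parse_filterlog_line(line: str) -> LogEntry:
    """Pull the rule-identifying fields out of one syslog line written by filterlog."""
    csv = line.split("filterlog: ", 1)[1]
    f = csv.split(",")
    return LogEntry(rulenr=int(f[0]), anchor=f[2], iface=f[4], action=f[6], direction=f[7])


def resolve(entry: LogEntry, loaded: Ruleset) -> Tuple[str, Optional[str]]:
    """Look the entry's (anchor, rule number) up in the snapshot of loaded rules.

    Only the rule number is stored in the log, so a rule that has been unloaded
    since the packet was logged has no description to show. For a dynamic anchor
    that is the expected outcome, not a parsing error.
    """
    desc = loaded.get((entry.anchor, entry.rulenr))
    dynamic = entry.anchor in DYNAMIC_ANCHORS
    if desc is not None:
        return ("dynamic" if dynamic else "static", desc)
    if dynamic:
        return ("dynamic-removed", None)
    return ("unknown", None)


def explain_log(lines: List[str], loaded: Ruleset) -> List[Tuple[str, str, str, Optional[str]]]:
    """Return (interface, action, rule kind, description) for each log line."""
    out = []
    for line in lines:
        e = parse_filterlog_line(line)
        kind, desc = resolve(e, loaded)
        out.append((e.iface, e.action, kind, desc))
    return out


# Constructed sample log lines: one static LAN rule, one UPnP rule already
# removed when we look, one UPnP rule still loaded.
SAMPLE_LOG = [
    "Nov  3 10:00:01 pfsense filterlog: 5,16777216,,1000000103,em1,match,pass,out,4",
    "Nov  3 10:00:02 pfsense filterlog: 1,,miniupnpd,0,em0,match,pass,in,4",
    "Nov  3 10:00:03 pfsense filterlog: 9,,miniupnpd,0,em0,match,pass,in,4",
]

# Constructed snapshot of what is loaded at the moment the log is viewed.
SAMPLE_RULESET: Ruleset = {
    ("", 5): "Default allow LAN to any rule",
    ("", 12): "NAT Forward: web server (log)",
    ("miniupnpd", 9): "UPnP mapping 192.168.1.20:50000 -> 50000/udp",
}


if __name__ == "__main__":
    for iface, action, kind, desc in explain_log(SAMPLE_LOG, SAMPLE_RULESET):
        print(f"{iface:4} {action:5} {kind:16} {desc or '(rule no longer loaded)'}")
```

The practical check this gives you: a pass entry whose anchor is the dynamic one and whose lookup fails is a UPnP/NAT-PMP mapping that has since expired, not a sign that your static "allow any outbound" rule has silently started logging.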


  • Gotcha, thanks for clarifying in any case :)

