    [SOLVED] Firewall log incorrectly logging permitted traffic to firewall log

    Category: 2.1 Snapshot Feedback and Problems - RETIRED
    5 Posts 2 Posters 1.6k Views
    inflamer

      After upgrading to "2.1-BETA0 (amd64) built on Fri Nov 2 10:50:14 EDT 2012", the firewall log shows a lot of permitted traffic between WAN and LAN.

      I have the default 'allow any outbound' on my LAN interface, with logging disabled.

      Nonetheless, the firewall log is showing a lot of permitted traffic between WAN and LAN, and when I click on the green 'pass' symbol on the firewall log page to see which rule allowed this traffic, the web simply states 'The rule that triggered this action is:' and nothing else.

      I have not yet tried to reboot my pfSense (Need to find a service window first), but I was wondering if anyone else is seeing this?

      The only rule which I've enabled logging for is on my WAN interface which is related to a port forward.

      jimp (Rebel Alliance Developer, Netgate)

        Some other things can result in logged passing depending on options, like UPnP.

        If the rule description came back empty, UPnP is also most likely as the rules are dynamic and they could have been removed by the time you spotted them in the log.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

      inflamer

          It seems you are correct jimp, thanks for spotting that.

          Any chance we can have the rule description state that this pass action was due to UPnP, NAT-PMP and so forth, to improve the usability/supportability?

          Thanks,
          A

      jimp (Rebel Alliance Developer, Netgate)

            If the UPnP rule was still active when you check, it should show it there.

            If the UPnP rule was removed by the time you checked, there is nothing to show.

            There is no way to store the rule description with the log messages in that way. The descriptions are pulled dynamically based on the rule number stored in the log file, so with dynamic rules it's easy for them to get lost.

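The lookup jimp describes in both of his replies, as an added Python example that is not part of this thread or of pfSense's own code: each log line carries only a rule number (plus pf's anchor name, which pf does record in its log header), and the description is resolved against whichever ruleset is loaded at the moment the log is viewed. A UPnP mapping that the client has since released therefore resolves to nothing. The rulesets, rule numbers, descriptions, interface names, addresses and the miniupnpd anchor contents below are all constructed, and the comma-separated log format is a simplification, not pfSense's real filterlog format. The `ingest` function shows the workaround a log collector can apply: resolve the description while the dynamic rule still exists, and `describe` shows the one thing that can still be reported afterwards, the anchor name.

```python
"""Why a firewall log line can point at a rule that no longer exists.

The log stores a rule number (and the anchor it lives in); the human-readable
description is looked up in the *current* ruleset when the log is viewed.
Dynamic rules (UPnP / NAT-PMP port mappings) come and go, so the view-time
lookup can fail. Resolving the description at ingest time avoids that.
All data here is constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    anchor: str   # "" for the main ruleset; "miniupnpd" for UPnP-created rules (assumed name)
    number: int   # position within that anchor, which is what the log records
    action: str
    descr: str


# Constructed snapshot taken while a UPnP mapping was active.
RULESET_WITH_UPNP = [
    Rule("", 4, "pass", "Default allow LAN to any rule"),
    Rule("", 7, "pass", "NAT Port forward to web server (logged)"),
    Rule("miniupnpd", 0, "pass", "UPnP: TCP 49152 -> 192.168.1.20:49152"),
]
# Same box after the client released its mapping: the dynamic rule is gone.
RULESET_AFTER_RELEASE = [r for r in RULESET_WITH_UPNP if r.anchor != "miniupnpd"]


@dataclass(frozen=True)
class LogEntry:
    # Simplified, constructed field order: anchor,rulenr,action,iface,src,dst
    anchor: str
    rulenr: int
    action: str
    iface: str
    src: str
    dst: str


def parse_log_line(line: str) -> LogEntry:
    """Parse one line of the simplified log format (an empty anchor means the main ruleset)."""
    anchor, rulenr, action, iface, src, dst = line.split(",")
    return LogEntry(anchor, int(rulenr), action, iface, src, dst)


def lookup_descr(entry: LogEntry, ruleset: list[Rule]) -> Optional[str]:
    """View-time lookup: resolve the logged (anchor, rule number) against a ruleset."""
    for r in ruleset:
        if r.anchor == entry.anchor and r.number == entry.rulenr:
            return r.descr
    return None  # rule was removed (or renumbered) after the packet was logged


def describe(entry: LogEntry, ruleset_now: list[Rule]) -> str:
    """Best effort for a viewer: the description if the rule is still loaded,
    otherwise at least the anchor name, which survives in the log itself."""
    d = lookup_descr(entry, ruleset_now)
    if d is not None:
        return d
    if entry.anchor:
        return f"dynamic rule {entry.rulenr} in anchor '{entry.anchor}' (no longer loaded)"
    return "rule no longer in ruleset"


def ingest(line: str, ruleset_now: list[Rule]) -> dict:
    """Collector-side enrichment: resolve and store the description at ingest time,
    while the dynamic rule that matched is still present in the ruleset."""
    e = parse_log_line(line)
    return {"entry": e, "descr": lookup_descr(e, ruleset_now)}


# Constructed log lines: one hit on the UPnP rule, one on the logged port forward.
LOG_LINES = [
    "miniupnpd,0,pass,em0,203.0.113.5:51234,192.168.1.20:49152",
    ",7,pass,em0,198.51.100.9:40000,192.168.1.10:443",
]

if __name__ == "__main__":
    stored = [ingest(l, RULESET_WITH_UPNP) for l in LOG_LINES]
    for rec in stored:
        e = rec["entry"]
        print(f"{e.src} -> {e.dst}: at ingest: {rec['descr']!r}; "
              f"viewed later: {describe(e, RULESET_AFTER_RELEASE)!r}")
```

Run it and the UPnP line resolves at ingest time but not when viewed after the mapping was released, while the static port-forward rule resolves both times, which is exactly the behaviour reported at the top of the thread.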
      inflamer

              Gotcha, thanks for clarifying in any case :)

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.