Can't stop some firewall logs from being generated



  • I shared this one on the forum previously and tried to find a workaround solution but couldn't succeed.

    http://forum.pfsense.org/index.php/topic,55774.msg298392.html#msg298392

    Even if you disable logging on some rules in Firewall -> Rules, pf continues to generate these logs anyway.

    This seems like an annoying bug.


  • Rebel Alliance Developer Netgate

    It depends on what rule is being matched. If it's got a private network source and you block private networks, it will log that. You can disable the private network block and make your own non-logging version of it.



  • @jimp:

    It depends on what rule is being matched. If it's got a private network source and you block private networks, it will log that. You can disable the private network block and make your own non-logging version of it.

    I've already tried that. I disabled "Block private networks" on the interface, created the below alias for private networks, and blocked it without logging.

    Still have the following IGMP logs


  • Rebel Alliance Developer Netgate

    The interface shows as "em0" which suggests that interface isn't actually assigned somehow. Sure you don't have an error somewhere else in your config?

    Also you can disable logging of the default deny rule on the Settings tab in the system logs.



  • @jimp:

    The interface shows as "em0" which suggests that interface isn't actually assigned somehow. Sure you don't have an error somewhere else in your config?

    My WAN connection is a PPPoE connection on em0.

    When a connection is blocked over PPPoE, the firewall reports the interface as WAN. However, when a packet is blocked on the em0 port rather than on the PPPoE link, pf reports it as em0.

    Also you can disable logging of the default deny rule on the Settings tab in the system logs.

    This works fine but with this option, I also lose some important information.


  • Rebel Alliance Developer Netgate

    OK, so then also assign em0 as an interface, and put a rule there to block with no logging.

    If you give it an IP in the same subnet as your modem you can even access your modem's IP this way. There's a howto on the doc wiki for that.



  • That's how it should work. em0 isn't assigned, hence has no firewall rules. There is traffic coming in on it, and it's getting blocked as it should be, and logged by the default deny rule. Do as Jim suggested and you can prevent that from being logged.
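As an added illustration of the layering the answers above describe, here is a hand-written pf.conf fragment. It is not from the thread and not pfSense's generated ruleset (pfSense regenerates its rules from the GUI, so this is not something you would load on the box); it only shows the pf semantics behind "assign em0, add a non-logging block rule, keep the default deny logging". The interface names pppoe0/em0, the <private> table, and the exact form of the default-deny rule are assumptions.

```conf
# Added example, not from the thread or from pfSense's generated rules.
# Assumptions: the PPPoE WAN is pppoe0 running on top of em0, em0 has been
# assigned as its own interface, and <private> is an alias table equivalent
# to the one the poster built (RFC 1918 space).

table <private> { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# Catch-all default deny. It logs, which is what you want for traffic that
# nothing else explains. pf evaluates rules last-match-wins, so any later
# rule that matches the packet decides whether it is logged.
block in log all

# Rule for the assigned em0 interface: silently drop whatever arrives on the
# raw Ethernet side (IGMP from the modem, private-source traffic, ...).
# No "log" keyword, and "quick" stops evaluation here, so these packets
# never end up attributed to the logging catch-all above.
block in quick on em0 all

# Non-logging replacement for the built-in "Block private networks" on the
# PPPoE WAN (the built-in one always logs).
block in quick on pppoe0 from <private> to any

# Rules you actually want to see in the log keep "log".
block in log quick on pppoe0 proto tcp from any to any port 23

# Anything on pppoe0 not matched above falls back to the logged default
# deny. Disabling default-deny logging in Status > System Logs > Settings
# would silence that for every interface, which is the information loss the
# poster wanted to avoid; the per-interface rules above avoid it.
```

The check to run after making the equivalent GUI change is to watch the firewall log for a few minutes: entries tagged em0 should stop, while blocks on the PPPoE WAN from unknown sources should still appear under the default deny.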

