• Hi, I've seen that in the firewall log I have some entries like this:
    Pass WIFIGUEST   173.194.x.y:443 TCP:SA

    192.168.5.x is LAN
    192.168.7.x is WIFIGUEST interface

    What do they mean? How can I remove them?

    Many thanks

  • Looks like you have a squid proxy running on your pfSense.

    And it looks like traffic is not blocked between guest and LAN interface. I am not sure if that is intentional - usually it is not.

    Do you want to "remove" (disallow) this traffic or do you just want to remove the log entries?

  • Traffic is blocked by two rules:
    on LAN interface -> BLOCK Source ANY destination WIFIGUEST subnet
    on WIFIGUEST interface -> BLOCK Source ANY destination RFC Address (alias for reserved IP class)

    The strange thing is that the interface is WIFIGUEST, but the source is a LAN address.

    Yes, I'm running squid, how can I remove (only related pass) from the firewall log?

  • Unfortunately, I have no experience with squid and how it works with regard to pf. I just noted the typical squid port.

    I have no idea about the suspicious LAN->WIFIGUEST log entry. Perhaps a WebGUI access from the WIFIGUEST, which is allowed by some rule with higher precedence than the "block" rules.

    If you want not to log "pass" (or "block") entries, simply uncheck "Log packets that are handled by this rule" for the corresponding rule. Firewall rules which have logging turned on are easily recognized by having an "i" in a blue circle in front of them.

  • Rules seem correct (see the attachment)