Query for "Rejected" packets possible?



  • Hi All,

    I wanted to query rejected packets via the firewall logs and I saw it didn't show any results.
    Google and the pfSense forum told me that pf only logs pass or block; reject will be logged as blocked. That sounds like I won't be able to query for rejected packets in the Firewall log.

    If that is truly the case can someone from the Dev team remove the check box in the firewall logs? This is confusing really…

    Thanks,
    Mike


  • LAYER 8 Global Moderator

    Yeah, this seems to be an unusable check box. I just created a reject rule for ICMP at the top of the list, marked as log, but it shows as blocked in the log, not rejected. If I filter on reject, nothing is shown. I also tried rejecting a TCP port just to verify it wasn't something odd with ICMP blocking, and it's the same thing with TCP: the log shows block even though the rule is set to reject. So it seems there would be no way to filter on rejected?




  • Should I report that as a bug on redmine.pfsense.org?


  • LAYER 8 Global Moderator

    Doesn't really seem like a bug, more like a feature that is not really usable. Unless you consider that them being logged as blocked vs. rejected is the bug. Not sure that is with pfSense; it's more likely something to do with PF itself.

    https://forum.pfsense.org/index.php?topic=50655.0
    "PF strictly logs block or pass, not reject. Reject is logged as blocked."
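As an added example (not from this thread or from the pfSense project), the usual way around this: pflog only records pass or block, but each filterlog entry carries the rule's tracker id, so joining log lines against the configured action in the rule set recovers which "block" entries actually came from reject rules. The filterlog field order, the rule table and the log lines below are assumptions and constructed sample data.

```python
import re
from collections import Counter

# Constructed sample lines in pfSense filterlog CSV layout (assumed field order:
# rulenum,subrulenum,anchor,tracker,interface,reason,action,direction,ipver,
# then for IPv4 tos,ecn,ttl,id,offset,flags,protoid,proto,length,src,dst,sport,dport,...).
SAMPLE_LOG = """\
Mar  3 10:15:01 fw filterlog[12345]: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,4321,0,DF,6,tcp,60,203.0.113.10,198.51.100.5,51234,22,0,S,1,,65535,,mss
Mar  3 10:15:02 fw filterlog[12345]: 7,,,1000000105,igb0,match,pass,in,4,0x0,,64,4322,0,DF,6,tcp,60,203.0.113.11,198.51.100.5,51235,443,0,S,2,,65535,,mss
Mar  3 10:15:03 fw filterlog[12345]: 9,,,1000000107,igb0,match,block,in,4,0x0,,64,4323,0,DF,6,tcp,60,203.0.113.12,198.51.100.5,51236,23,0,S,3,,65535,,mss
"""

# Hypothetical rule table keyed by tracker id; "type" is the action as configured
# in the GUI rule (pass/block/reject), which pf itself never writes to the log.
RULES = {
    "1000000103": {"type": "reject", "descr": "Reject SSH from WAN"},
    "1000000105": {"type": "pass", "descr": "Allow HTTPS"},
    "1000000107": {"type": "block", "descr": "Drop telnet"},
}

FILTERLOG_RE = re.compile(r"filterlog\[\d+\]: (?P<csv>.*)$")

def parse_filterlog(line):
    """Extract the fields a log filter can see; note action is only pass/block."""
    m = FILTERLOG_RE.search(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    return {"rulenum": f[0], "tracker": f[3], "iface": f[4], "action": f[6],
            "direction": f[7], "src": f[18], "dst": f[19], "dport": f[21]}

def annotate(log_text, rules):
    """Join each log record with its rule so the configured action is visible."""
    out = []
    for line in log_text.splitlines():
        rec = parse_filterlog(line)
        if rec is None:
            continue
        rec["configured"] = rules.get(rec["tracker"], {}).get("type", "unknown")
        out.append(rec)
    return out

def logged_actions(records):
    """Histogram of what pf wrote: filtering this for 'reject' finds nothing."""
    return Counter(r["action"] for r in records)

def rejected(records):
    """The entries that were rejects: logged as block, configured as reject."""
    return [r for r in records if r["configured"] == "reject"]
```

The log side only ever yields `block` for the SSH attempt; only the join on tracker id reveals it was handled by a reject rule.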

