Sometimes a Pass rule of the LAN (or VPN) becomes a Block rule on the WAN.
-
I noticed an (apparently) strange thing: sometimes a Pass rule of the VPN interface or of the LAN interface is logged as a block rule on the WAN interface and appears in the Firewall logs.
Has anyone noticed the same thing?
-
No.
-
Maybe the NAT reflection?
Yesterday the Firewall Logs reported that the "anti-lockout rule" was blocked on the WAN…
-
Give us an example of what you're seeing - pictures always help!
-
Logs are by rule number in 2.1x and earlier versions. Those are subject to change if you change your ruleset. The rule number that is currently in place may not be the same as at the time of that log if you made changes in between.
-
@cmb:
Logs are by rule number in 2.1x and earlier versions. Those are subject to change if you change your ruleset. The rule number that is currently in place may not be the same as at the time of that log if you made changes in between.
This is a good explanation. So, the description of the rule follows the rule number. Is this correct?
-
When a firewall log entry is generated, it basically says something like "rule 40 did X, Y and Z". If you change your firewall rules afterwards, rule 40 can be something completely different. The only way to associate the rule with the log (pre-2.2) was to find what rule 40 is, and that is checked vs. the current running state of the system.
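To illustrate the mismatch described above, here is an added example (not from the thread or from pfSense itself): it resolves constructed, rule-number-keyed log entries against the ruleset snapshot that was in effect at log time and flags entries where a lookup against the current ruleset would name a different rule. The snapshot timestamps, rule descriptions and log entries are all constructed sample data.

```python
# Resolve rule-number-keyed firewall log entries against the ruleset that was in
# effect when the entry was written, instead of the current one (constructed data).
from bisect import bisect_right
from dataclasses import dataclass

# Constructed ruleset snapshots: (timestamp, ordered rule descriptions). The rule
# number is the position in the list, so inserting a rule shifts every later one.
RULESET_HISTORY = [
    (100, ["WAN: anti-lockout", "WAN: block bogons", "LAN: pass LAN net to any"]),
    (200, ["WAN: anti-lockout", "WAN: block bogons", "WAN: block RFC1918",
           "LAN: pass LAN net to any"]),
]
# Constructed log entries: (timestamp, rule number, action, interface).
LOG_ENTRIES = [(150, 2, "pass", "em1"), (250, 2, "block", "em0")]

@dataclass
class Resolved:
    ts: int
    rule_number: int
    at_log_time: str   # what rule N meant when the entry was logged
    current: str       # what rule N means in the present ruleset

    @property
    def misattributed(self) -> bool:
        return self.at_log_time != self.current

def ruleset_at(history, ts):
    """Return the ruleset from the latest snapshot taken at or before ts."""
    times = [t for t, _ in history]
    idx = bisect_right(times, ts) - 1
    if idx < 0:
        raise ValueError(f"no ruleset snapshot at or before t={ts}")
    return history[idx][1]

def resolve(history, entries):
    """Pair each entry's rule number with its log-time and current descriptions."""
    current = history[-1][1]
    out = []
    for ts, num, _action, _iface in entries:
        rules = ruleset_at(history, ts)
        then = rules[num] if num < len(rules) else "<unknown rule>"
        now = current[num] if num < len(current) else "<unknown rule>"
        out.append(Resolved(ts, num, then, now))
    return out

if __name__ == "__main__":
    for r in resolve(RULESET_HISTORY, LOG_ENTRIES):
        tag = "STALE" if r.misattributed else "ok"
        print(f"t={r.ts} rule {r.rule_number}: '{r.at_log_time}' -> now '{r.current}' [{tag}]")
```

The first entry shows the thread's symptom: rule 2 was a LAN pass rule when logged, but after a WAN rule was inserted the current ruleset reports rule 2 as a WAN block rule.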