    Firewall rule numbers in syslog?

      kapara last edited by

      Is there a way by looking at this log to tell which rule has allowed the packet to pass?  Can this be referenced?  rule 53/0(match):  I know I can find it since I allowed port 21 to 10.10.0.14 but I was hoping there might be an easy way to reference the rules by looking at the syslog and pinpointing which rule either allowed or blocked traffic.

      2008-04-28 22:04:43 Local0.Info 10.10.0.1 Apr 28 22:04:42 pf: 20. 480571 rule 53/0(match): pass in on em0: (tos 0x0, ttl  47, id 50838, offset 0, flags [DF], proto: TCP (6), length: 64) (From IP).51474 > 10.10.0.14.21: S 2638049757:2638049757(0) win 65228 <mss 1460,nop,wscale 0,[|tcp]>

      Thanks

      Mark

      Skype ID:  Marinhd

        hoba last edited by

        Click the pass/block/reject icon in front of the log entry at status>systemlogs, firewall. It will tell you exactly what rule triggered that action. Another option is to download or look at /tmp/rules.debug (diagnostics>edit file or diagnostics>command, download).

          kapara last edited by

          Thanks Hoba,

          Easy to see in the gui but if I am looking at the syslog and I try to find Rule 53 in the rules.debug, there is no way to easily pinpoint which rule is allowing this to pass through.

          Thanks,

          Mark

          Skype ID:  Marinhd

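An added example, not part of the original thread or of pfSense itself: a small parser that pulls the rule number out of a pf syslog line like the one in the first post and looks it up in a numbered rule listing. It assumes the listing is in the form `pfctl -vvsr` prints, where each loaded rule starts with `@<number>`; the listing below is constructed, and the function names are hypothetical.

```python
import re

# pf log header as it appears in the syslog line quoted in the first post.
LOG_RE = re.compile(
    r"pf: .*?rule (?P<rule>\d+)/\d+\((?P<reason>\w+)\): "
    r"(?P<action>pass|block) (?P<direction>in|out) on (?P<iface>\w+):"
    r".*? > (?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)
# Rule line in `pfctl -vvsr` style: "@53 pass ..." or "@53(1000000103) pass ...".
RULE_RE = re.compile(r"^@(?P<num>\d+)(?:\(\d+\))?\s+(?P<text>.+)$")

# Log line from the first post (the poster redacted the source address).
PAGE_LINE = ("Apr 28 22:04:42 pf: 20. 480571 rule 53/0(match): pass in on em0: "
             "(tos 0x0, ttl  47, id 50838, offset 0, flags [DF], proto: TCP (6), "
             "length: 64) (From IP).51474 > 10.10.0.14.21: S 2638049757:2638049757(0) "
             "win 65228 <mss 1460,nop,wscale 0,[|tcp]>")
# Constructed listing in `pfctl -vvsr` style (assumption, not from the thread).
LISTING = """
@52 block drop in log quick on em0 proto tcp from any to any port = 23
  [ Evaluations: 10  Packets: 0  Bytes: 0  States: 0 ]
@53 pass in log quick on em0 inet proto tcp from any to 10.10.0.14 port = ftp
  [ Evaluations: 7  Packets: 4  Bytes: 256  States: 1 ]
"""

def parse_log_line(line):
    """Return rule number, action, interface and destination, or None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["rule"], fields["dport"] = int(fields["rule"]), int(fields["dport"])
    return fields

def index_rules(listing):
    """Map rule number -> rule text, skipping the indented counter lines."""
    found = (RULE_RE.match(raw) for raw in listing.splitlines())
    return {int(m.group("num")): m.group("text") for m in found if m}

def explain(line, rules):
    """One-line answer to 'which rule passed or blocked this packet?'."""
    hit = parse_log_line(line)
    if hit is None:
        return "not a pf log line"
    rule = rules.get(hit["rule"], "<not in this listing; ruleset may have changed>")
    return (f'{hit["action"]} {hit["direction"]} on {hit["iface"]} -> '
            f'{hit["dst"]}:{hit["dport"]} by rule {hit["rule"]}: {rule}')

if __name__ == "__main__":
    print(explain(PAGE_LINE, index_rules(LISTING)))
```

Rule numbers are positions in the loaded ruleset, so take the listing from the same ruleset that produced the log line.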