Log everything from 1 IP address
Is it possible to log all traffic to and from one particular IP address? I want to see everything that goes through the firewall and everything that is blocked. I would like to selectively do this for certain computers for limited periods of time for testing purposes. I have an SG-4860 device; how do I do this? Thanks.
Firewall rules, on the interface you're interested in (LAN?): a pass or block rule with source address the IP(s) in question, and select the log option. Be careful as to "pass or block" because order becomes important.
If you really want to log all TRAFFIC to/from a particular host, you need to find a way to simultaneously capture all the traffic on both interfaces, WAN and LAN. A switch mirror port on your modem and your LAN host going into a couple of ports, capturing with tcpdump, would work. pfSense's built-in capture can only capture one port at a time, I think. You can probably do multiple interfaces simultaneously by calling tcpdump from the shell.
Then you have the problem of matching the traffic on WAN after NAT has happened (if that's the case).
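As an added example that is not part of the thread, the shell snippet below ties the two answers together: it pulls the entries that logged pass/block rules write to pfSense's filter log out for a single host (what the first answer produces), and shows in comments how to run tcpdump on WAN and LAN at the same time from the shell (what the second answer suggests). The filterlog CSV field layout is assumed from pfSense's documented format, the interface names (igb0 WAN, igb1 LAN), addresses and log lines are constructed for the example, and none of it is the original poster's data.

```sh
#!/bin/sh
# Added example (not from the thread). It assumes the pfSense filterlog CSV
# layout: rule,subrule,anchor,tracker,iface,reason,action,dir,ipver, then for
# IPv4 tos,ecn,ttl,id,offset,flags,protoid,proto,len,src,dst and, for TCP/UDP,
# sport,dport,...  Interface names (igb0 = WAN, igb1 = LAN) and addresses are
# made up for the example.

# Constructed sample of /var/log/filter.log lines (not a real capture).
SAMPLE_LOG='Mar  3 10:15:01 gw filterlog[47213]: 95,,,1000000103,igb1,match,pass,in,4,0x0,,64,12345,0,DF,6,tcp,60,192.168.1.50,93.184.216.34,51234,443,0,S,1234567890,,64240,,mss;sackOK;TS;nop;wscale
Mar  3 10:15:02 gw filterlog[47213]: 5,,,1000000001,igb1,match,block,in,4,0x0,,64,2345,0,DF,6,tcp,60,192.168.1.50,10.0.0.5,51235,23,0,S,1234567891,,64240,,mss
Mar  3 10:15:03 gw filterlog[47213]: 95,,,1000000103,igb1,match,pass,in,4,0x0,,64,3456,0,none,1,icmp,84,192.168.1.50,8.8.8.8,request,4321,1
Mar  3 10:15:04 gw filterlog[47213]: 95,,,1000000103,igb1,match,pass,in,4,0x0,,64,4567,0,DF,17,udp,76,192.168.1.77,192.168.1.1,50001,53,56
Mar  3 10:15:05 gw filterlog[47213]: 7,,,1000000002,igb0,match,block,in,4,0x0,,52,5678,0,none,6,tcp,40,198.51.100.23,203.0.113.10,44444,22,0,S,1,,1024,,'

# host_log_entries HOST: read filterlog lines on stdin and print one line per
# IPv4 entry where HOST is the source or destination address, in the form
#   action direction interface proto src[:sport] -> dst[:dport]
host_log_entries() {
  host="$1"
  sed -n 's/.*filterlog\[[0-9]*\]: //p' | awk -F, -v h="$host" '
    $9 == "4" && ($19 == h || $20 == h) {
      sp = ""; dp = ""
      if ($17 == "tcp" || $17 == "udp") { sp = ":" $21; dp = ":" $22 }
      printf "%s %s %s %s %s%s -> %s%s\n", $7, $8, $5, $17, $19, sp, $20, dp
    }'
}

# host_log_summary HOST: count passed vs blocked entries for HOST.
host_log_summary() {
  host_log_entries "$1" | awk '
    $1 == "pass"  { p++ }
    $1 == "block" { b++ }
    END { printf "pass=%d block=%d\n", p, b }'
}

# Usage on the firewall itself (assumed interface names and addresses):
#   tail -f /var/log/filter.log | host_log_entries 192.168.1.50
# Full packet capture on both sides at once, as two tcpdump processes started
# from the shell. The WAN side has to be filtered on the post-NAT address
# (assumed here to be the WAN IP 203.0.113.10), so the two files are
# correlated by timestamp and by the remote endpoint, not by the LAN source IP:
#   tcpdump -ni igb1 host 192.168.1.50 -w /root/lan.pcap &
#   tcpdump -ni igb0 host 203.0.113.10 -w /root/wan.pcap &
printf '%s\n' "$SAMPLE_LOG" | host_log_summary 192.168.1.50
```

The rule-log path only ever shows you packets that matched a rule with logging enabled, which is why the entries above carry the rule's tracker ID; it will not show traffic matched by an existing state, and it does not give you payloads. Treat it as the cheap "what did the firewall decide" view, and reach for the two-interface tcpdump when you need the packets themselves. On older pfSense releases that still keep the circular log, read it with `clog /var/log/filter.log` instead of `tail`.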