Log everything from 1 IP address

Firewalling
Log in to reply
  • C

    Is it possible to log all traffic to and from one particular IP address?  I want to see everything that goes through the firewall and everything that is blocked.  I would like to selectively do this for certain computers for limited periods of time for testing purposes.  I have an SG-4860 device, how do I do this?  Thanks.

    0
  • M

    firewall rules, on the interface you're interested in (LAN?), pass or block rule src addr the IP(s) in question select log option.  be careful as to "pass or block" because order becomes important.

    0
  • Derelict
    LAYER 8 Netgate

    If you really want to log all TRAFFIC to/from a particular host, you need to find a way to simultaneously capture all the traffic on both interfaces WAN and LAN.  A switch mirror port on your modem and your LAN host going into a couple ports capturing with tcpdump would work.  pfSense's built-in capture can only capture one port at a time I think.  You can probably do multiple interfaces simultaneously by calling tcpdump from the shell.

    Then you have to problem of matching the traffic on WAN after NAT has happened (if that's the case).

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy