OPNsense
  • OPNsense Forum »
  • Archive »
  • 18.7 Legacy Series »
  • Firewall: No logging for "default deny rule"

Author Topic: Firewall: No logging for "default deny rule"  (Read 4027 times)

cybermaus

Firewall: No logging for "default deny rule"
« on: December 27, 2018, 11:36:05 pm »
So I understand there is a default deny rule. Anything not mentioned in a user rule, meaning anything not visible in any rule, is denied. Simple enough.

But it jams up the log. I am not at all interested in all these old Bittorrent (port 8999) and other sniffers/scanners/beggars/whatever hitting my WAN interface from the outside.

Can I turn off logging for the default deny rule?  On the WAN interface specifically, because there is nothing I can do against those scanners anyway.
Mind you, I am interested in seeing logs for the default deny rule for the internal interfaces. But that is a lot less, and also something I can actually do something with (by locating the client and uninstalling whatever offending program).

Right now I made an extra "deny everything" user rule at the bottom of my WAN rules, which works, but it would seem nicer to just change the logging default for WAN?

« Last Edit: December 28, 2018, 06:48:36 am by cybermaus »

guest19757

Re: Firewall: No logging for "default deny rule"
« Reply #1 on: December 28, 2018, 12:57:34 am »
This is actually something I would like to see happen as well. I went ahead and submitted an issue here: https://github.com/opnsense/core/issues/3075.

guest19757

Re: Firewall: No logging for "default deny rule"
« Reply #2 on: December 28, 2018, 07:57:58 am »
Source: https://github.com/opnsense/core/issues/3075#issuecomment-450297959
Quote
but you can disable default deny logging under System: Settings: Logging. Since it is not an interface-specific rule by design it cannot be changed to exclude interfaces from logging.

You can, however, simply add your own default deny on WAN without logging enabled and that should be it?!

As per developer, unfortunately it's by design and cannot be toggled per interface.
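To make the developer's suggestion concrete, here is an illustrative pf.conf fragment (added here, not from the thread and not OPNsense's actual generated ruleset; interface names em0 for WAN and em1 for LAN are assumed). Interface-specific rules carry "quick", so the first match wins and WAN noise never reaches the logged catch-all, while the internal interface keeps a logged block so misbehaving clients can still be traced:

```pf
# Assumed interface names: em0 = WAN, em1 = LAN (illustrative only)

# WAN: silent drop. No "log" keyword, so scanner noise stays out of filterlog.
block in quick on em0 inet all label "user rule: WAN deny, not logged"

# LAN: keep logging on the final block so an offending internal client
# can be located from the log entry.
block in log quick on em1 inet all label "user rule: LAN deny, logged"

# Global catch-all. It is not interface-specific, so its logging can only
# be toggled globally (System: Settings: Logging), never per interface.
block in log inet all label "Default deny rule"
```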

cybermaus

Re: Firewall: No logging for "default deny rule"
« Reply #3 on: December 31, 2018, 07:40:21 am »
But you can turn it off, so it's all OK.

As stated, in System: Settings: Logging

guest19757

Re: Firewall: No logging for "default deny rule"
« Reply #4 on: December 31, 2018, 07:45:58 am »
Not per interface, and yes, you can turn it off.

chemlud

Re: Firewall: No logging for "default deny rule"
« Reply #5 on: December 31, 2018, 05:37:21 pm »
...if there is something completely annoying (e.g. some spam on WAN), simply create a specific block rule w/o logging and this part of the noise disappears.. ;-)
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
