OPNsense Forum
Archive => 21.7 Legacy Series => Topic started by: HenrysCat on August 04, 2021, 08:15:50 am
-
Since updating to 21.7 the firewall log now has IPv6 RFC4890 requirements (ICMP) on every other line.
(https://i.imgrpost.com/imgr/2021/08/04/log.md.png) (https://imgrpost.com/image/gka7s)
Any ideas how to get rid of it?
Thanks all
-
Disable default pass rule logging under System: Settings: Logging.
Cheers,
Franco
-
Actually, looking at the screenshot this is due to the kernel patch to unhide the NAT logging. I'm not entirely sure the system correctly sets the log directive, but hopefully it should.
Cheers,
Franco
-
Already disabled, I think
(https://i.imgrpost.com/imgr/2021/08/04/settings.md.png) (https://imgrpost.com/image/gk5Xz)
:)
-
Ok, looking closer the label is simply wrong as NAT rules don't have labels and it's not even IPv6.
One of your port forward rules has logging enabled, but it didn't log correctly prior to version 21.7.
Cheers,
Franco
-
I see, all my port forward rules have logging enabled.
Thanks
-
Updated to 21.7.1, now all the blue lines say "rdr rule".
Is there really no way to get this back to how it was on 21.1?
-
Someone reported NAT rules not logging under these conditions. A bug was fixed. NAT logging is adhered to now. I would say no.
Why are you logging the NAT rules? Are you using an associated filter rule?
Cheers,
Franco
-
Why are you logging the NAT rules? Are you using an associated filter rule?
I use GeoIP and want to see who is constantly trying to connect from the unblocked country, these persistent attackers are then added to a custom block list.
-
Ok, if you use an unassociated filter rule you can set logging on the WAN rule and disable logging on the NAT.
Cheers,
Franco
-
Excellent, that works
Thank you :)
-
Indeed we wanted to see this additional logging on the NAT because usually there are redirects that lacked observability without it. I'm glad it can be kept.
-
The NAT log is also pre-NAT now as opposed to post-NAT before. I do believe this change is very helpful because before there was too much context missing.
Cheers,
Franco