I have a LAN rule, using an alias, which contains the ports I allow out.
This works, and I see the traffic in the firewall log.
However, I wish to see any attempts to bypass the rule with ports not in the alias.
Is this possible, as a following rule will not see, for example, port 22 (not on the alias list) due to the previous rule?
What's required is an inverse logging option, I believe.
You need to log your default deny rule.
Thanks, just to confirm: the one in Floating, with the hard to find, cos it's in system and really should be in the firewall page, log enable / disable one? :)
It logs in the live view and possibly if you forward to a collector. If not, you'll have to roll your own and make it slightly less generic.
Yes, getting loads of stuff that's really quite normal, so will have to investigate further.
Thanks again for your assistance.