OPNsense 20.7.1-amd64
FreeBSD 12.1-RELEASE-p8-HBSD
OpenSSL 1.1.1g 21 Apr 2020
Hi.
I have NAT forwarding for port 25 to my email server on the DMZ.
On the WAN interface I have a few rules that forbid connections from certain countries and after that a rule that allows connections from everywhere to my email server.
Now this strange thing happens:
When I activate logging for the blocking rules then they show as expected in the firewall as blocking access.
But when I deactivate logging they show with a label "rdr rule" in the firewall log.
Interface  Time             Source                 Destination      Proto  Label
wan        Aug 27 14:22:25  193.169.254.107:56236  192.168.0.10:25  tcp    rdr rule
The blocking works but these rules show up in the firewall log although I do not want to see them there.
Any ideas why those rules might show up as "rdr rules" in the FW log and how to not see those rules in the log?
Thanks.
No one? No ideas? Not a hint? Is this a completely unknown subject? Or can nobody be bothered?
If this is unknown I am starting to worry...
Did you enable logging on the port forward rule?
Hmmm, you got me twice in a day :-[
Logging was activated on the port forward rule. That was it.
It has possibly crept back in when I de-associated the firewall rule.
But why does the rdr rule not show in the logs when a non associated firewall rule has logging activated? ???
Thanks for your help :)
I'm not a pflog guru, but it looks like pflog logs a packet once. So if FW rule logging is enabled it "overwrites" the rdr record.
And when you remove "log" from the FW rule it starts to write the log from the rdr rule.
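A quick way to confirm which translation rules still carry the "log" keyword (the ones that produce "rdr rule" entries once no filter rule logs the same packet). This is an added check, not part of the thread or of OPNsense; it reads pfctl -sn style output, and the sample ruleset below is constructed, with made-up addresses.

```shell
#!/bin/sh
# Print translation rules (rdr/nat/binat) that carry the "log" keyword.
# Feed it the output of "pfctl -sn" or a pf.conf fragment, via stdin or a file.
rdr_log_rules() {
    awk '
        $1 == "rdr" || $1 == "nat" || $1 == "binat" {
            # "log" may appear bare or as log(all)/log(user); scan the fields
            for (i = 2; i <= NF; i++) {
                if ($i == "log" || $i ~ /^log\(/) { print; break }
            }
        }' "$@"
}

# Constructed sample of what "pfctl -sn" might print on a box with a
# port forward for SMTP that still logs (hypothetical interface/addresses).
SAMPLE=$(cat <<'EOF'
nat on em0 inet from 192.168.0.0/24 to any -> (em0) port 1024:65535
rdr log on em0 inet proto tcp from any to (em0) port = smtp -> 192.168.0.10 port 25
rdr on em0 inet proto tcp from any to (em0) port = https -> 192.168.0.20 port 443
EOF
)

# Number of logging translation rules in the sample (1: the SMTP forward).
count_rdr_log_rules() {
    printf '%s\n' "$SAMPLE" | rdr_log_rules | wc -l | tr -d ' '
}

# On the firewall itself (root shell): pfctl -sn | rdr_log_rules
```

Any line it prints is a port forward whose "Log" checkbox is still set; clearing it, or enabling logging on the associated filter rule, removes the "rdr rule" entries.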
Thanks a lot. It all starts to make sense now :)