If I enable the setting "Enable log for rules", I get log entries both on WAN and LAN, no matter whether the rule even exists on the WAN interface.
I have a "block" on the LAN port for dst: crowdsec, but I don't want it filled with crowdsec hits from WAN.
Is it possible to not have hits on WAN and only have hits originating from LAN?
Just started having a play with this myself...
Maybe if you leave 'Enable log for rules' disabled, then enable regular logging on your dst drop rule?
The default rules match IN on any interface, with a source of crowdsec_blacklists:
pfctl -s rules | grep crowd
block drop in quick inet from <crowdsec_blacklists> to any label "6fc904ee8f33bb90e1c73147d55cd852"
block drop in quick inet6 from <crowdsec6_blacklists> to any label "7de971956cb806447b5f10bdb3d4d9bb"
Perhaps this is a good case for a floating rule with a dst of crowdsec_blacklists, if you want to make sure your devices behind OPNsense are not trying to 'talk' to the crowdsec_blacklists IPs.
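To make the point about direction and interface concrete, here is an added pf rule-syntax example (not from the thread or the CrowdSec plugin) contrasting the plugin's default "in on any interface" rule with a LAN-scoped rule that only logs traffic leaving the LAN towards a blacklisted address. Interface names (wan0, lan0) and the label strings are assumed; the table name crowdsec_blacklists comes from the pfctl output above.

```pf
# Added example, not the plugin's generated ruleset. Interface names are assumed.
table <crowdsec_blacklists> persist

# Equivalent of the plugin's default rule: "in" with no "on <iface>" means it
# matches inbound packets on ANY interface, so Internet hits arriving on WAN
# from a blacklisted source are matched too (and logged once "log" is added
# by the "Enable log for rules" setting).
block drop in quick inet from <crowdsec_blacklists> to any label "crowdsec-default"

# LAN-only variant for the asker's case: only packets entering on lan0 whose
# destination is a blacklisted address are matched, and only those are logged.
# Inbound WAN traffic never hits this rule, so it does not fill the log.
block drop in log quick on lan0 inet from any to <crowdsec_blacklists> label "crowdsec-lan-to-blacklist"
```

The check after applying such a rule is the same as in the reply above: `pfctl -s rules | grep crowd` should show the `on lan0` rule carrying `log`, while the default rule stays unlogged.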
Instead of this messing about, why not just leave 'Enable log for rules' enabled, create a template with "Label contains Crowdsec" and "Interface is not WAN", and save it in the live view?