OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: cybermaus on December 27, 2018, 11:36:05 pm

Title: Firewall: No logging for "default deny rule"
Post by: cybermaus on December 27, 2018, 11:36:05 pm
So I understand there is a default deny rule. Anything not mentioned in a user rule, meaning anything not visible in any rule, is denied. Simple enough.

But it jams up the log. I am not at all interested in all these old BitTorrent (port 8999) and other sniffers/scanners/beggars/whatever hitting my WAN interface from the outside.

Can I turn off logging for the default deny rule? On the WAN interface specifically, because there is nothing I can do against those scanners anyway.
Mind you, I am interested in seeing logs for the default deny rule for the internal interfaces. But that is a lot less, and also something I can actually do something with (by locating the client and de-installing whatever offending program).

Right now I made an extra user "deny everything" rule at the bottom of my WAN rules, which works, but it would seem nicer to just change the logging default for WAN?

Title: Re: Firewall: No logging for "default deny rule"
Post by: guest19757 on December 28, 2018, 12:57:34 am
This is actually something I would like to see happen as well. I went ahead and submitted an issue here: https://github.com/opnsense/core/issues/3075

Title: Re: Firewall: No logging for "default deny rule"
Post by: guest19757 on December 28, 2018, 07:57:58 am
Source: https://github.com/opnsense/core/issues/3075#issuecomment-450297959
Quote
but you can disable default deny logging under System: Settings: Logging. Since it is not an interface-specific rule by design it cannot be changed to exclude interfaces from logging.

You can, however, simply add your own default deny on WAN without logging enabled and that should be it?!

As per developer, unfortunately it's by design and cannot be toggled per interface.

Title: Re: Firewall: No logging for "default deny rule"
Post by: cybermaus on December 31, 2018, 07:40:21 am
But you can turn it off, so it's all OK.

As stated, in System: Settings: Logging.

Title: Re: Firewall: No logging for "default deny rule"
Post by: guest19757 on December 31, 2018, 07:45:58 am
Not per interface, and yes, you can turn it off.

Title: Re: Firewall: No logging for "default deny rule"
Post by: chemlud on December 31, 2018, 05:37:21 pm
...if there is something completely annoying (e.g. some spam on WAN), simply create a specific block rule without logging and this part of the noise disappears.. ;-)
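As an added illustration of the two options discussed in this thread (the global logging switch versus an unlogged per-interface block), here is what they look like in plain pf.conf syntax, which is the rule language OPNsense compiles its GUI rules into. This is not OPNsense's generated ruleset and not code from anyone in the thread; the interface names `igb0`/`igb1`, the macro names and the pass rules are assumptions made up for the example.

```pf
# Added illustration in plain pf.conf syntax; not OPNsense's generated
# ruleset. Interface names, macro names and pass rules are assumptions.
wan_if = "igb0"
lan_if = "igb1"

# Catch-all default deny. It has no "quick", so any later rule with
# "quick" that matches wins; this rule only takes effect when nothing
# else matched. The "log" keyword is what fills the firewall log with
# every unsolicited WAN hit. Removing "log" here is the global off
# switch (System: Settings: Logging in the GUI), but it also silences
# the default deny on the internal interfaces.
block in log all label "default deny"

# Interface-specific user rules, evaluated top to bottom; the first
# "quick" match ends evaluation.
pass in quick on $lan_if inet from $lan_if:network to any keep state
pass in quick on $wan_if inet proto tcp from any to ($wan_if) port 443 keep state

# Per-interface workaround from the thread: an explicit block on WAN
# with no "log" keyword, placed after the WAN pass rules. It catches
# everything on WAN that no pass rule accepted, so those packets are
# dropped here and never fall through to the logged default deny.
# Traffic on $lan_if is unaffected and still hits the logged default
# deny above, which is the behaviour the original poster wanted.
block in quick on $wan_if all label "WAN catch-all, not logged"
```

The ordering is the whole point: because the WAN catch-all is a `quick` rule, it wins over the non-`quick` default deny for WAN traffic, while every other interface keeps the logged default deny. On a running firewall, `pfctl -sr` lists the loaded rules in evaluation order, so you can confirm the WAN block appears without `log` and sits after the WAN pass rules.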