OPNsense Forum
Archive => 20.7 Legacy Series => Topic started by: aimdev on August 24, 2020, 06:32:40 pm
-
I have a LAN rule, using an alias, which contains the ports I allow out.
This works, and I see the traffic in the firewall log.
However, I wish to see any attempts to bypass the rule with ports not in the alias.
Is this possible, as a following rule will not see, for example, port 22 (not on the alias list) due to the previous rule?
What's required is an inverse logging option, I believe.
-
You need to log your default deny rule.
-
Thanks, just to confirm the one in Floating, with the hard to find cos it's in system and really should be in the firewall page to log enable / disable one? :)
-
It logs in the live view and possibly if you forward to a collector. If not, you'll have to roll your own and make it slightly less generic.
-
Yes, getting loads of stuff that's really quite normal, so will have to investigate further.
Thanks again for your assistance.
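-
Added example, not part of the thread and not OPNsense code: a simplified first-match model showing why a logging catch-all deny placed after the alias-based pass rule records attempts on ports outside the alias, such as port 22. The alias contents, rule labels, and sample flows are constructed assumptions.

```python
# Simplified first-match model of an ordered ruleset (assumption: not OPNsense code).
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    label: str                       # hypothetical rule description
    action: str                      # "pass" or "block"
    ports: Optional[FrozenSet[int]]  # None matches any destination port
    log: bool

    def matches(self, dst_port: int) -> bool:
        return self.ports is None or dst_port in self.ports


# Constructed alias contents; the thread does not list the real ports.
ALLOWED_OUT = frozenset({53, 80, 123, 443})

RULESET = [
    Rule("LAN allow alias ports", "pass", ALLOWED_OUT, log=True),
    Rule("default deny", "block", None, log=True),
]

# Constructed sample traffic: (LAN source, destination port).
SAMPLE_FLOWS = [
    ("192.168.1.10", 443),
    ("192.168.1.10", 22),
    ("192.168.1.23", 53),
    ("192.168.1.23", 3389),
]


def evaluate(ruleset: List[Rule], dst_port: int) -> Rule:
    """Return the first rule that matches dst_port (first match wins)."""
    for rule in ruleset:
        if rule.matches(dst_port):
            return rule
    raise ValueError("ruleset has no catch-all rule")


def bypass_attempts(ruleset: List[Rule], flows: List[Tuple[str, int]]):
    """Return the flows that fell through to a block rule with logging on."""
    return [(src, port) for src, port in flows
            if (r := evaluate(ruleset, port)).action == "block" and r.log]


if __name__ == "__main__":
    for src, port in bypass_attempts(RULESET, SAMPLE_FLOWS):
        print(f"blocked and logged: {src} -> port {port}")
```

With logging disabled on the catch-all rule the same flows are still blocked but `bypass_attempts` returns nothing, which is the situation described in the first post.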