OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: aimdev on August 24, 2020, 06:32:40 pm

Title: Firewall question re blocking
Post by: aimdev on August 24, 2020, 06:32:40 pm
I have a LAN rule, using an alias, which contains the ports I allow out.
This works, and I see the traffic in the firewall log.
However, I wish to see any attempts to bypass the rule with ports not in the alias.
Is this possible, as a following rule will not see, for example, port 22 (not in the alias list) due to the previous rule?
What's required is an inverse logging option, I believe.
Title: Re: Firewall question re blocking
Post by: bartjsmit on August 24, 2020, 07:05:30 pm
You need to log your default deny rule
Title: Re: Firewall question re blocking
Post by: aimdev on August 24, 2020, 07:15:44 pm
Thanks, just to confirm: the one in Floating, with the hard-to-find (because it's in System, and really should be on the firewall page) log enable/disable option?  :)
Title: Re: Firewall question re blocking
Post by: bartjsmit on August 24, 2020, 07:49:00 pm
It logs in the live view and possibly if you forward to a collector. If not, you'll have to roll your own and make it slightly less generic.
Title: Re: Firewall question re blocking
Post by: aimdev on August 24, 2020, 08:13:11 pm
Yes, getting loads of stuff that's really quite normal, so will have to investigate further.
Thanks again for your assistance
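One way to "roll your own" as suggested above, and to cut the default-deny log down from "loads of stuff that's really quite normal" to the one question the thread asks (which LAN hosts tried ports outside the egress alias): run the firewall log through a small filter. The script below is an added example, not code from the thread or from OPNsense. It assumes the pf filterlog CSV layout that OPNsense writes to /var/log/filter.log (FreeBSD filterlog field order, IPv4 and IPv6 variants), that the LAN interface is named `lan`, and that port aliases use the `lo:hi` range syntax. The log lines, hosts, addresses and the rule label in the fourth field are constructed for the example. It keys on action, interface and direction (LAN rules match packets arriving `in` on the LAN interface) rather than on the rule number or label, which differ between installs.

```python
"""Sift OPNsense default-deny log lines down to LAN hosts that tried ports
outside the allowed egress alias.  Added example; not OPNsense's own code."""
from collections import Counter

# Constructed sample in the pf filterlog CSV format OPNsense writes to
# /var/log/filter.log.  Hosts, addresses and the rule label (4th field)
# are invented for this example.
SAMPLE_LOG = """\
Aug 24 18:40:01 fw filterlog: 88,,,a1b2c3d4,lan,match,pass,in,4,0x0,,64,12345,0,DF,6,tcp,60,192.168.1.10,203.0.113.80,51000,443,0,S,1:1,,65535,,mss;nop;wscale
Aug 24 18:40:02 fw filterlog: 5,,,0,lan,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.10,203.0.113.5,50000,22,0,S,1:1,,65535,,mss;nop;wscale
Aug 24 18:40:03 fw filterlog: 5,,,0,lan,match,block,in,4,0x0,,64,0,0,none,17,udp,78,192.168.1.20,198.51.100.7,43210,161,58
Aug 24 18:40:04 fw filterlog: 5,,,0,wan,match,block,in,4,0x0,,52,0,0,DF,6,tcp,60,198.51.100.99,203.0.113.1,40000,22,0,S,1:1,,65535,,mss
Aug 24 18:40:05 fw filterlog: 5,,,0,lan,match,block,in,4,0x0,,64,0,0,none,1,icmp,84,192.168.1.30,203.0.113.9,request,1234,1
Aug 24 18:40:06 fw filterlog: 5,,,0,lan,match,block,in,6,0x00,0x00000,64,tcp,6,40,2001:db8:1::10,2001:db8:2::5,50001,22,0,S,1:1,,65535,,mss
Aug 24 18:40:07 fw filterlog: 5,,,0,lan,match,block,in,4,0x0,,64,0,0,DF,6,tcp,40,192.168.1.10,203.0.113.80,51000,443,0,A,,,65535,,
Aug 24 18:40:08 fw filterlog: 5,,,0,lan,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.40,203.0.113.20,52000,8443,0,S,1:1,,65535,,mss
Aug 24 18:40:09 fw sshd[1234]: Accepted publickey for root from 192.168.1.10 port 51234 ssh2
"""

# The same entries you would put in the OPNsense port alias; "lo:hi" ranges
# are assumed to be the alias range syntax.
ALLOWED_OUT_ALIAS = ["53", "80", "123", "443", "8000:8999"]

COMMON = ("rulenr", "subrulenr", "anchor", "label", "iface", "reason",
          "action", "dir", "ipver")


def parse_port_alias(entries):
    """Turn alias entries ('443', '8000:8999') into a list of (lo, hi)."""
    ranges = []
    for entry in entries:
        lo, _, hi = entry.partition(":")
        ranges.append((int(lo), int(hi or lo)))
    return ranges


def port_allowed(port, ranges):
    return any(lo <= port <= hi for lo, hi in ranges)


def parse_filterlog(line):
    """Parse one syslog line; return a dict, or None if it is not filterlog."""
    if "filterlog: " not in line:
        return None
    f = line.split("filterlog: ", 1)[1].strip().split(",")
    if len(f) < 9:
        return None
    rec = dict(zip(COMMON, f[:9]))
    if rec["ipver"] == "4":
        # tos, ecn, ttl, id, offset, flags, protoid, protoname, len, src, dst
        if len(f) < 20:
            return None
        rec["proto"], rec["src"], rec["dst"] = f[16], f[18], f[19]
        ports = f[20:22]
    elif rec["ipver"] == "6":
        # class, flowlabel, hoplimit, protoname, protoid, len, src, dst
        if len(f) < 17:
            return None
        rec["proto"], rec["src"], rec["dst"] = f[12], f[15], f[16]
        ports = f[17:19]
    else:
        return None
    # Only TCP/UDP carry src/dst ports; ICMP and others get None.
    rec["sport"] = rec["dport"] = None
    if rec["proto"] in ("tcp", "udp") and len(ports) == 2:
        try:
            rec["sport"], rec["dport"] = int(ports[0]), int(ports[1])
        except ValueError:
            pass
    return rec


def find_bypass_attempts(log_text, allowed_ranges, lan_if="lan"):
    """Blocked packets that entered on the LAN interface (i.e. LAN clients
    going out) to a TCP/UDP port the egress alias does not cover.
    WAN-side scans and blocks on allowed ports (e.g. stray ACKs with no
    state) are left out, since they are not bypass attempts."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_filterlog(line)
        if rec is None:
            continue
        if (rec["iface"], rec["dir"], rec["action"]) != (lan_if, "in", "block"):
            continue
        if rec["dport"] is None or port_allowed(rec["dport"], allowed_ranges):
            continue
        hits.append(rec)
    return hits


def summarize(hits):
    """Count attempts per (src, dst, proto, dport) so repeat offenders stand out."""
    return Counter((h["src"], h["dst"], h["proto"], h["dport"]) for h in hits)


if __name__ == "__main__":
    allowed = parse_port_alias(ALLOWED_OUT_ALIAS)
    for key, n in summarize(find_bypass_attempts(SAMPLE_LOG, allowed)).most_common():
        src, dst, proto, dport = key
        print(f"{n:3d}  {src} -> {dst} {proto}/{dport}")
```

For a live box, replace `SAMPLE_LOG` with the contents of /var/log/filter.log (or the lines your collector receives) and put your real alias entries in `ALLOWED_OUT_ALIAS`; the default-deny rule must have logging enabled for the blocked lines to appear at all.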