Firewall question re blocking

Started by aimdev, August 24, 2020, 06:32:40 PM

I have a LAN rule, using an alias, which contains the ports I allow out.
This works, and I see the traffic in the firewall log.
However, I wish to see any attempts to bypass the rule with ports not in the alias.
Is this possible, as a following rule will not see, for example, port 22 (not on the alias list) due to the previous rule?
What's required is an inverse logging option, I believe.

You need to log your default deny rule.

Thanks, just to confirm, the one in Floating, with the hard to find cos it's in system and really should be in the firewall page to log enable / disable one? :)

It logs in the live view and possibly if you forward to a collector. If not, you'll have to roll your own and make it slightly less generic.

Yes, getting loads of stuff that's really quite normal, so will have to investigate further.
Thanks again for your assistance.