Firewall: No logging for "default deny rule"

Started by cybermaus, December 27, 2018, 11:36:05 PM

December 27, 2018, 11:36:05 PM Last Edit: December 28, 2018, 06:48:36 AM by cybermaus
So I understand there is a default deny rule. Anything not mentioned in a user rule, meaning anything not visible in any rule, is denied. Simple enough.

But it jams up the log. I am not at all interested in all these old Bittorrent (port 8999) and other sniffers/scanners/beggars/whatever hitting my WAN interface from the outside.

Can I turn off logging for the default deny rule? On the WAN interface specifically, because there is nothing I can do against those scanners anyway.
Mind you, I am interested in seeing logs for the default deny rule for the internal interfaces. But that is a lot less, and also something I can actually do something with (by locating the client and de-installing whatever offending program).

Right now I made an extra user rule to deny everything at the bottom of my WAN rules, which works, but it would seem nicer to just change the logging default for WAN?


This is actually something I would like to see happen as well, I went ahead and submitted issue here https://github.com/opnsense/core/issues/3075.

Source: https://github.com/opnsense/core/issues/3075#issuecomment-450297959
Quote
but you can disable default deny logging under System: Settings: Logging. Since it is not an interface-specific rule by design it cannot be changed to exclude interfaces from logging.

You can, however, simply add your own default deny on WAN without logging enabled and that should be it?!

As per developer, unfortunately it's by design and cannot be toggled per interface.

But you can turn it off, so it's all OK.

As stated, in System: Settings: Logging

Not per interface and yes you can turn it off.

...if there is something completely annoying (e.g. some spam on WAN), simply create a specific block rule w/o logging and this part of the noise disappears. ;-)
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

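As an added example (not from the thread or from OPNsense itself), the triage the thread asks for can also be done on the log side: split default-deny hits into WAN background noise, only counted per destination port, and internal-interface hits, kept in full so the offending client can be located. The log lines are constructed in the pf filterlog CSV layout; the interface names (em0 as WAN, em1 as LAN) and the tracker id standing in for the default deny rule are assumptions.

```python
import csv
from collections import Counter

# Constructed sample in pf filterlog CSV layout: rule-nr, sub-rule, anchor,
# tracker-id, interface, reason, action, direction, ip-version, tos, ecn, ttl,
# id, offset, flags, proto-nr, proto, length, src, dst, src-port, dst-port, datalen.
# em0 (WAN), em1 (LAN) and tracker 1000000103 are assumptions for this example.
WAN_IFACE = "em0"
DEFAULT_DENY_TRACKER = "1000000103"

SAMPLE_LOG = """\
5,,,1000000103,em0,match,block,in,4,0x0,,64,12345,0,DF,17,udp,60,203.0.113.7,198.51.100.2,51234,8999,40
5,,,1000000103,em0,match,block,in,4,0x0,,64,12346,0,DF,6,tcp,60,203.0.113.9,198.51.100.2,44321,22,0
5,,,1000000103,em1,match,block,in,4,0x0,,64,12347,0,DF,17,udp,60,192.168.1.42,198.51.100.50,6881,8999,40
70,,,1000000120,em1,match,pass,in,4,0x0,,64,12348,0,DF,6,tcp,60,192.168.1.10,93.184.216.34,50000,443,0
"""

def parse(line):
    """Pick the fields needed for triage out of one IPv4 filterlog line."""
    f = next(csv.reader([line]))
    return {"tracker": f[3], "iface": f[4], "action": f[6], "dir": f[7],
            "proto": f[16], "src": f[18], "dst": f[19],
            "sport": f[20], "dport": f[21]}

def triage(log_text, wan_iface=WAN_IFACE, tracker=DEFAULT_DENY_TRACKER):
    """Return (wan_noise, internal_hits): WAN default-deny hits are only
    counted per proto/port, hits on other interfaces are kept in full."""
    wan_noise = Counter()
    internal_hits = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        e = parse(raw)
        # Only blocks by the default deny rule matter here; user rules and
        # passes are left alone.
        if e["action"] != "block" or e["tracker"] != tracker:
            continue
        if e["iface"] == wan_iface:
            wan_noise[f'{e["proto"]}/{e["dport"]}'] += 1
        else:
            internal_hits.append(e)
    return wan_noise, internal_hits
```

Running triage(SAMPLE_LOG) collapses the two WAN hits into counts and keeps the single LAN hit from 192.168.1.42, which is the client you would go and look at.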