Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
How to check if Firewall blocking rule is working?
« previous
next »
Print
Pages: [
1
]
Author
Topic: How to check if Firewall blocking rule is working? (Read 6420 times)
labsy
Jr. Member
Posts: 59
Karma: 1
How to check if Firewall blocking rule is working?
«
on:
December 07, 2019, 11:03:39 pm »
Hi,
I have kinda smart FW rule, made of collected IP addresses from numerous web sites (Joomla and Wordpress) on many of our servers, which have some sort of security plugin installed. Every few minutes I pull all blocked/attacker/hacker IP addresses from thosee website plugins (mysql) and inject them via TXT table into firewall ALIAS table.
If anyone interested, here's the list:
http://secureit.si/lockouts/list.php
Now, I want to check if firewall is really blocking these IPs.
Where can I see LOGS, if this rule is doing the job? "Logging" is enabled inside this rule, but where can I see those logs?
Logged
lfirewall1243
Hero Member
Posts: 1386
Karma: 45
Re: How to check if Firewall blocking rule is working?
«
Reply #1 on:
December 09, 2019, 02:03:14 pm »
you can see it under Firewall->Rules->Log->Liveview
Logged
(Unoffial Community) OPNsense Telegram Group:
https://t.me/joinchat/0o9JuLUXRFpiNmJk
PM for paid support
labsy
Jr. Member
Posts: 59
Karma: 1
Re: How to check if Firewall blocking rule is working?
«
Reply #2 on:
December 31, 2019, 07:58:55 pm »
Ok, but LIVE VIEW I assume shows near realtime logs. I cannot check there, for example:
"Dear tech support, our team member is on vacation on Barbados and they cannot send mail."
Where can I check things like this, when I only suspect issue happened 3 days ago?
Logged
labsy
Jr. Member
Posts: 59
Karma: 1
Re: How to check if Firewall blocking rule is working?
«
Reply #3 on:
January 08, 2020, 07:10:33 am »
I am checking those ALIAS rules, but it seems like it is not pulling IP's from the list. I mean, source IP is not blocked, and source IP is not within IP ALIASES.
I have CRON set to check LIST ALIAS every 5 minutes.
Any idea what's wrong?
Any LOG I can check?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
How to check if Firewall blocking rule is working?