unexpected "rdr rules" in the firewall log

Started by JohnnyBeee, August 27, 2020, 02:31:47 PM

OPNsense 20.7.1-amd64
FreeBSD 12.1-RELEASE-p8-HBSD
OpenSSL 1.1.1g 21 Apr 2020

Hi.
I have NAT forwarding for port 25 to my email server on the DMZ.
On the WAN interface I have a few rules that forbid connections from certain countries and after that a rule that allows connections from everywhere to my email server.

Now this strange thing happens:
When I activate logging for the blocking rules then they show as expected in the firewall as blocking access.
But when I deactivate logging they show with a label "rdr rule" in the firewall log.
   Interface       Time    Source    Destination    Proto    Label
   wan      Aug 27 14:22:25   193.169.254.107:56236   192.168.0.10:25   tcp   rdr rule

The blocking works but these rules show up in the firewall log although I do not want to see them there.

Any ideas why those rules might show up as "rdr rules" in the FW log and how to not see those rules in the log?

Thanks.

No one? No ideas? Not a hint? Is this a completely unknown subject? Or can nobody be bothered?
If this is unknown I am starting to worry...

Did you enable logging on the port forward rule?

Hmmm, you got me twice in a day  :-[
Logging was activated on the port forward rule. That was it.
It has possibly crept back in when I de-associated the firewall rule.
But why does the rdr rule not show in the logs when a non-associated firewall rule has logging activated?  ???

Thanks for your help :)

I'm not a pflog guru, but it looks like pflog logs a packet once. So if fw rule logging is enabled, it "overwrites" the rdr record.
And when you remove "log" from the fw rule, it starts to write the log from the rdr rule.

Thanks a lot. It all starts to make sense now  :)