Question to Default Deny Rule on WAN Traffic not logged

Started by crissi, August 10, 2021, 06:20:55 PM

Hello,
I have set WAN via DHCP / LAN Rule, allow LAN net - Ports 80,443,53 to any, so internet access is working fine.

But what I'm missing is that nothing from the WAN side is logged in the Firewall Log widget. I then scanned my public IP with an online scanner, but I still don't get any blocks shown in the Firewall Log...

Any idea why this is not logged? Do I have to create a block rule on WAN to see the blocked traffic?

Thx
Cheers,
Crissi

Do you really want to spam the log?

System -> Settings -> Logging -> Enable logging for "default deny"

Would not recommend that for long, more for debugging...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....


Hello,

Thanks, no, just for troubleshooting. I currently have the following settings, but I still don't see WAN traffic being blocked.

Am I missing something?

Cheers,
Crissi

A simple workaround, until this is sorted out for you, is to create a deny / deny all rule for the interface and set it as the last rule / uncheck "apply the action immediately on match".

Thanks for the workaround! After several reboots, I went to Diagnostics - States - Actions and did a reset of the state tables and a reset of source tracking; afterwards the traffic logging worked!

But I'm wondering, shouldn't the state table / source tracking be reset by a reboot? Is there anything specific to define in FW - Settings - Advanced - Miscellaneous?

Thank You!
Cheers,
Crissi

This is a question for the creators.  I am thinking along the same lines as you.  Since everything is based off the config file, rebooting would clear up any issues with dynamic data.

The only thing that comes to mind is that there is a setting being stored within the configuration file / or on the hard drive, and it was not being deleted as it should have been. Residual data?

Installed fresh 5 days ago; I have 5 firewall rules and 1 additional plugin installed. IMHO residue could not be the issue.
Cheers,
Crissi