Topic: Question to Default Deny Rule on WAN Traffic not logged (Read 2107 times)
crissi
Full Member
Posts: 172
Karma: 4
Question to Default Deny Rule on WAN Traffic not logged
« on: August 10, 2021, 06:20:55 pm »
Hello,
I have set WAN via DHCP / LAN Rule, allow LAN net - Ports 80,443,53 to any, so internet access is working fine.
But what I'm missing is that from the WAN side nothing is logged in the Firewall Log Widget. I then scanned my public IP with an online scanner, but I still don't get any blocks shown in the Firewall Log...
Any idea why this is not logged? Do I have to create a block rule on WAN to see the blocked traffic?
Thx
Cheers,
Crissi
chemlud
Hero Member
Posts: 2485
Karma: 112
Re: Question to Default Deny Rule on WAN Traffic not logged
« Reply #1 on: August 10, 2021, 06:32:06 pm »
Do you really want to spam the log?
System -> Settings -> Logging -> Enable logging for "default deny"
Would not recommend that for longer, more during debugging...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorn's premium cat food with the extra portion of energy
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: Question to Default Deny Rule on WAN Traffic not logged
« Reply #2 on: August 10, 2021, 07:40:42 pm »
Explicit quick log also works...
Cheers,
Franco
crissi
Full Member
Posts: 172
Karma: 4
Re: Question to Default Deny Rule on WAN Traffic not logged
« Reply #3 on: August 10, 2021, 08:19:43 pm »
Hello,
Thanks, no, just for troubleshooting. I currently have the following settings, but I still don't see WAN traffic blocked.
Am I missing something?
Cheers,
Crissi
errored out
Full Member
Posts: 171
Karma: 3
Re: Question to Default Deny Rule on WAN Traffic not logged
« Reply #4 on: August 11, 2021, 12:58:27 am »
A simple workaround until this is sorted out for you is to create a deny / deny all rule for the interface and set it as the last rule / uncheck apply the action immediately on match.
crissi
Full Member
Posts: 172
Karma: 4
Re: Question to Default Deny Rule on WAN Traffic not logged
« Reply #5 on: August 11, 2021, 01:27:47 pm »
Thanks for the workaround! After several reboots, I went to Diagnostics - States - Actions and did a reset for state tables and reset source tracking; afterwards the traffic logging worked!
But I'm wondering, should the state table / source tracking not be reset by reboot? Is there anything specific to define in FW - Settings - Advanced - Miscellaneous?
Thank You!
Cheers,
Crissi
errored out
Full Member
Posts: 171
Karma: 3
Re: Question to Default Deny Rule on WAN Traffic not logged
« Reply #6 on: August 11, 2021, 07:51:32 pm »
This is a question for the creators. I am thinking along the same lines as you. Since everything is based off the config file, rebooting would clear up any issues with dynamic data.
The only thing that comes to mind is that there is a setting within the configuration file / or the hard drive being stored and it was not being deleted as it should have been. Residue data?
crissi
Full Member
Posts: 172
Karma: 4
Re: Question to Default Deny Rule on WAN Traffic not logged
« Reply #7 on: August 12, 2021, 08:05:57 am »
Installed fresh 5 days ago, I have 5 Firewall Rules and 1 additional Plugin installed, imho Residue could not be the Issue.
Cheers,
Crissi