How to check if Firewall blocking rule is working?

Started by labsy, December 07, 2019, 11:03:39 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 07, 2019, 11:03:39 PM
Hi,

I have kinda smart FW rule, made of collected IP addresses from numerous web sites (Joomla and Wordpress) on many of our servers, which have some sort of security plugin installed. Every few minutes I pull all blocked/attacker/hacker IP addresses from thosee website plugins (mysql) and inject them via TXT table into firewall ALIAS table.
If anyone interested, here's the list: http://secureit.si/lockouts/list.php

Now, I want to check if firewall is really blocking these IPs.
Where can I see LOGS, if this rule is doing the job? "Logging" is enabled inside this rule, but where can I see those logs?
December 09, 2019, 02:03:14 PM #1
you can see it under Firewall->Rules->Log->Liveview
(Unoffial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support
December 31, 2019, 07:58:55 PM #2
Ok, but LIVE VIEW I assume shows near realtime logs. I cannot check there, for example:
"Dear tech support, our team member is on vacation on Barbados and they cannot send mail."
Where can I check things like this, when I only suspect issue happened 3 days ago?
January 08, 2020, 07:10:33 AM #3
I am checking those ALIAS rules, but it seems like it is not pulling IP's from the list. I mean, source IP is not blocked, and source IP is not within IP ALIASES.

I have CRON set to check LIST ALIAS every 5 minutes.

Any idea what's wrong?
Any LOG I can check?
Print
Go Up Pages1
User actions