OPNsense Forum » Archive » 20.7 Legacy Series » Firewall question re blocking
Topic: Firewall question re blocking (Read 2097 times)
aimdev
« on: August 24, 2020, 06:32:40 pm »
I have a LAN rule, using an alias, which contains the ports I allow out.
This works, and I see the traffic in the firewall log.
However, I wish to see any attempts to bypass the rule with ports not in the alias.
Is this possible, as a following rule will not see, for example, port 22 (not on the alias list) due to the previous rule?
What's required is an inverse logging option, I believe.
bartjsmit
« Reply #1 on: August 24, 2020, 07:05:30 pm »
You need to log your default deny rule.
aimdev
« Reply #2 on: August 24, 2020, 07:15:44 pm »
Thanks. Just to confirm: the one in Floating, with the hard-to-find (cos it's in System and really should be in the firewall page) log enable/disable one?
bartjsmit
« Reply #3 on: August 24, 2020, 07:49:00 pm »
It logs in the live view and possibly if you forward to a collector. If not, you'll have to roll your own and make it slightly less generic.
aimdev
« Reply #4 on: August 24, 2020, 08:13:11 pm »
Yes, getting loads of stuff that's really quite normal, so will have to investigate further.
Thanks again for your assistance.