Turned off logging for a rule but it still logs blocks

Started by iorx, March 29, 2025, 09:10:24 PM

Quote from: iorx on March 31, 2025, 03:33:02 PM
Question still remains. Why does it log it? 😁 As you can see in the logs it's like every minute this "rogue" device is "attacking" external name servers. Logs get pretty useless when

That was only the example I chose since I didn't know of any other. I don't know if a URL to "the other sense" is allowed, but one thread was about a pass rule blocking and it being logged (search for "pfsense pass rule logged but not enabled").

And in that case it was about IP options, which are blocked by default. You could try enabling 'allow options' in your firewall rule and see if that gets rid of the block.
Deciso DEC740


Quote from: franco on March 31, 2025, 05:45:04 PM
Could be the same as https://forum.opnsense.org/index.php?topic=45801.0 but I haven't checked the details.

I read through that. Looks very much as it could be related to what I have here. Await when the "fix" is in a release or a patch is available.

I'll put my feedback here then. Pausing my own troubleshooting.

And.
Quote from: patient0
And in that case it was about IP options...
I tried it out. IP options and change source to Any. Still got block in logs.

Live and prosper 🖖

Another interesting detail: it looks like there are always multiple log entries with the same source port when this happens.
So either a single packet generates multiple log entries or it's the other way round: two packets with the same source port arriving at the same time are causing the issue.

In either case, this screams "race condition" if you ask me...

Quote from: troplin on March 31, 2025, 07:45:18 PM
Another interesting detail: it looks like there are always multiple log entries with the same source port when this happens.
So either a single packet generates multiple log entries or it's the other way round: two packets with the same source port arriving at the same time are causing the issue.

In either case, this screams "race condition" if you ask me...

Does this mean that it could be this specific device which is the cause/problem? As I only see this block logging from this particular device?
It's a small box, an external controller, for the solar system I got. It makes "intelligent" decisions about how to use the energy from the panels and a large battery. They call it "Hartbeat", and the appliance looks very much like a "rasp in a box".

Hi again!

Updated to latest. Looks as it should now. No more logging for the rule which has logging disabled.
Is this fixed in this version?

OPNsense 25.1.5_5-amd64
FreeBSD 14.2-RELEASE-p2

I couldn't extract related info from the change log... probably a limitation associated with me and not the change log 😮😁

brgs,