easily add blocked packets from the live view to a zone as a rule

Started by d3v, June 10, 2025, 10:13:03 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
June 10, 2025, 10:13:03 PM
Hey all,

from pfSense I really enjoyed the log view because I could search for blocked packets using a filter, view and thus identify them and then click on "Add to ..." and add the firewall rule in the corresponding section for the respective interface. Example: I searched for destination port 443, saw the blocked packet in the live log, and was able to add just such a rule for an interface by clicking on the arrow.

I miss this option in OPNsense or it is hidden somewhere else. Can anyone point me to the right direction, please?

Thanks in advance.
June 10, 2025, 11:42:59 PM #1
No, it's not an available option.
June 11, 2025, 09:22:23 AM #2
sad to hear, but thanks for the prompt feedback. Does anyone know by chance if this is still available in the latest pfSense version ?
June 11, 2025, 10:10:46 AM #3
better places to ask about pfsense than in the OPNSense forum :)
June 11, 2025, 01:10:54 PM #4
Quote from: d3v on June 10, 2025, 10:13:03 PMHey all, Incredibox Game

from pfSense I really enjoyed the log view because I could search for blocked packets using a filter, view and thus identify them and then click on "Add to ..." and add the firewall rule in the corresponding section for the respective interface. Example: I searched for destination port 443, saw the blocked packet in the live log, and was able to add just such a rule for an interface by clicking on the arrow.

I miss this option in OPNsense or it is hidden somewhere else. Can anyone point me to the right direction, please?

Thanks in advance.
Have you tried using the "Live View" feature in OPNsense's Firewall Logs with the os-intrusion-detection-content plugin?
June 11, 2025, 09:37:39 PM #5
Quote from: Trannie on June 11, 2025, 01:10:54 PMHave you tried using the "Live View" feature in OPNsense's Firewall Logs with the os-intrusion-detection-content plugin?

Firewall --> Log Files --> Live View

is the section I was looking for initially, as described in the beginning of this post. However I don't have installed a plugin called 'os-intrusion-detection-content' or similar and thus never tested it.

Can you tell me if this plugin will lead to the functionality I asked for?
June 11, 2025, 11:09:48 PM #6
No it won't. I've no idea how this is meant to help. It has nothing to do with your question.
There is no functionality in OPN to shortcut the creation of firewall rules from the Live View.
June 16, 2025, 10:52:18 AM #7
Quote from: cookiemonster on June 11, 2025, 11:09:48 PMThere is no functionality in OPN to shortcut the creation of firewall rules from the Live View.

Does anyone know the reason why this -in my opinion very useful- original functionality from pfSense was not transferred to OPNsense but was explicitly removed? Is somewhere more information on whether this will be included again in future OPNsense releases? Maybe there's a kind of wish list where this could be expressed or even some developers in here who can shade some light onto ?
June 16, 2025, 11:31:27 AM #8
If you feel like something is missing you can always open a feature request on github.
Hardware:
DEC740
Print
Go Up Pages1
User actions