Topic: Firewall logs (Read 11600 times)
jmc
Newbie
Posts: 4
Karma: 0
Firewall logs
« on: September 20, 2017, 06:00:55 pm »
Hi, I'm new to this forum and new to OPNsense.
I have an OPNsense firewall up and running with several subnets attached. On one of the subnets, OPT3, I opened up all outbound ports to get it up and running, and I am now starting the process of locking down the firewall. I started with the rules to allow the ports for my pool controller, but I wanted to see what the logs looked like before implementing the rule.
I can control my pool from my phone and my browser on separate networks, so I know packets are getting in and out. I can see the packets from the controller to the internet in Wireshark. But I can't see the packets in my firewall logs. The only rule I have enabled atm is an OPT3net to any.
Under my firewall logs I see no entries with the pool controller as IP source or destination.
I can see entries from the other devices attached to that subnet.
Any help would be appreciated. This is driving me crazy.
Thanks in advance.
Logged
chemlud
Hero Member
Posts: 2486
Karma: 112
Re: Firewall logs
« Reply #1 on: September 20, 2017, 06:49:19 pm »
By default, rules don't log. But you can enable the log function on the config page of the respective rule. But you don't want to log each packet allowed by your any-any rule. It fills up your HDD (SD card?) with no benefit at all.
You can have a specific allow rule for one port, e.g. (disable the allow any-any rule), and then logging makes sense...
PS: Opening ports from the outside to have access to IoT devices is never a clever solution. Establish a VPN tunnel to your network in question and you are much better off...
« Last Edit: September 20, 2017, 06:51:47 pm by chemlud »
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
Felix Eichhorn's premium cat food with the extra portion of energy
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Firewall logs
« Reply #2 on: September 20, 2017, 06:54:40 pm »
In the logging settings you can set whether the default block rules should log, etc. You may not have configured it, or you may have misconfigured it. The log looks like a lot of data joined by a comma (",").
To read it, you may use a library. For example, I wrote this one for Logstash:
https://rubygems.org/gems/logstash-filter-opnsensefilter
You can find the source code for this library here:
https://github.com/fabianfrz/logstash-filter-opnsensefilter/blob/master/lib/logstash/filters/opnsensefilter.rb
Here is the OPNsense internal function:
https://github.com/opnsense/core/blob/master/src/etc/inc/filter_log.inc#L148
Logged
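One way to check whether a given host shows up in the comma-joined log lines described above, added here as an example (it is not code from this thread, from the linked gem, or from OPNsense). The field order is an assumption based on the filterlog CSV layout and should be compared with the linked filter_log.inc; the sample lines, interface names and addresses are constructed.

```python
# Field names/positions are assumed; verify against filter_log.inc for your version.
COMMON = ["rulenr", "subrulenr", "anchor", "rid", "interface",
          "reason", "action", "dir", "ipversion"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags",
        "protonum", "proto", "length", "src", "dst"]
IPV6 = ["class", "flowlabel", "hlim", "proto", "protonum",
        "length", "src", "dst"]

def parse_filterlog(line):
    """Parse one syslog line; return a dict, or None if it is not a usable filterlog entry."""
    if "filterlog" not in line:
        return None
    # Drop the syslog prefix and the "filterlog:" / "filterlog[pid]:" tag.
    payload = line.split("filterlog", 1)[1].split(":", 1)[-1].strip()
    fields = payload.split(",")
    version = fields[8] if len(fields) > 8 else ""
    layout = {"4": IPV4, "6": IPV6}.get(version)
    if layout is None:
        return None
    names = COMMON + layout
    if len(fields) < len(names):
        return None  # truncated line
    entry = dict(zip(names, fields))
    # Only TCP and UDP carry ports right after the destination address.
    if entry["proto"].lower() in ("tcp", "udp") and len(fields) >= len(names) + 2:
        entry["srcport"], entry["dstport"] = fields[len(names):len(names) + 2]
    return entry

def entries_for_host(lines, ip):
    """Return parsed entries where `ip` is the source or the destination."""
    parsed = (parse_filterlog(line) for line in lines)
    return [e for e in parsed if e and ip in (e["src"], e["dst"])]

# Constructed sample log lines (not taken from a real firewall).
SAMPLE = [
    "Sep 20 18:01:02 fw filterlog: 71,,,0,igb3,match,pass,in,4,0x0,,64,4211,0,DF,6,tcp,60,192.168.30.50,203.0.113.10,51514,443,0,S,1084712345,,29200,,mss",
    "Sep 20 18:01:05 fw filterlog: 71,,,0,igb3,match,pass,in,4,0x0,,64,9120,0,none,17,udp,76,192.168.30.21,198.51.100.7,40123,123,56",
    "Sep 20 18:01:09 fw filterlog: 5,,,0,igb0,match,block,in,4,0x0,,54,0,0,none,1,icmp,84,198.51.100.99,192.168.30.50,request,1,1",
    "Sep 20 18:01:11 fw configd.py: unrelated daemon message",
    "Sep 20 18:01:12 fw filterlog: 71,,,0,igb3,match,pass,in,6,0x00,0x00000,64,udp,17,48,2001:db8::50,2001:db8::1,5353,5353,48",
]

if __name__ == "__main__":
    for e in entries_for_host(SAMPLE, "192.168.30.50"):
        print(e["interface"], e["action"], e["dir"], e["proto"],
              e["src"], "->", e["dst"], e.get("dstport", "-"))
```

An empty result for a host that is known to be passing traffic points at the matching rule not having logging enabled, rather than at the log view.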
jmc
Newbie
Posts: 4
Karma: 0
Re: Firewall logs
« Reply #3 on: September 20, 2017, 07:29:39 pm »
@ Chemlud
Thanks Chemlud for your response.
I have the rules set to log.
And I am only opening outbound ports, not inbound. Intention is to take out the any any after I get the rules needed to open up enough outbound to keep the devices working. Is that a bad approach?
Don't have much on the network yet so just looking at any any to see what to expect. Don't expect to leave it logging for long.
Logged
jmc
Newbie
Posts: 4
Karma: 0
Re: Firewall logs
« Reply #4 on: September 20, 2017, 07:37:45 pm »
Thanks fabian for the quick response.
I didn't turn default logging off so shouldn't be misconfigured, but they are not configured.
ATM I have been looking at the logs within the GUI. I will try the library.
Still I would think that with any any set to log, they would show up in the GUI under firewall:log files: normal view and they aren't.
« Last Edit: September 20, 2017, 11:55:17 pm by jmc »
Logged