PFSense - Firewall - Debugging firewall rules

Change the System Log Settings

Navigate to Status → System logs → Settings.

  • Forward/Reverse Display: Checked.
  • Log firewall default blocks: Not Checked.
  • GUI Log Entries: 500. Increase the number of log entries to show from the default of 50.

NOTE: This should make it easier to find the log entries you want to monitor.


Check the Firewall Logs

Navigate to Status → System logs → Firewall.

In Normal View:

NOTE: You need to refresh if you expect a rule was triggered by some action.

In Dynamic View:

NOTE: Here, you do not have to hit refresh.


Create Firewall Rules

Navigate to Firewall → Rules.

Under the interface(s) you want to debug:

  • Create a default deny rule at the end of the rule list.
  • Select Log packets that are handled by this rule.
  • Give the rule a very unique name.

For other rules you want to debug:

  • Choose Log packets that are handled by this rule.
  • Give the rule a very unique name.

Check the logs at Status → System logs → Firewall → Dynamic View.

Tweak the firewall rules until you see the result you desire.

  • Packets blocked that should be blocked.
  • Packets allowed that should be allowed.

Click on the red/green blocked/accepted icons.

  • This shows a pop-up for the rule that was triggered, with the unique name you gave the rule.
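
The "blocked that should be blocked / allowed that should be allowed" check can also be run over exported log lines. The script below is an added example, not part of the original page or of pfSense itself; it assumes the raw filterlog comma-separated layout for IPv4 TCP/UDP entries, and the function names, sample lines, addresses and tracker IDs are constructed for illustration.

```python
# Field positions in a pfSense raw filterlog entry (IPv4 TCP/UDP layout, assumed).
TRACKER, ACTION, IPVER, PROTO, DST, DPORT = 3, 6, 8, 16, 19, 21

def parse_filterlog(line):
    """Return a dict for an IPv4 TCP/UDP entry, or None for anything else."""
    # The comma-separated payload follows the syslog tag "filterlog[pid]: ".
    f = line.split("]: ", 1)[-1].strip().split(",")
    if len(f) <= DPORT or f[IPVER] != "4" or f[PROTO] not in ("tcp", "udp"):
        return None
    return {"tracker": f[TRACKER], "action": f[ACTION],
            "flow": (f[DST], f[PROTO], int(f[DPORT]))}

def check_expectations(lines, expected):
    """expected maps (dst, proto, dport) -> "pass" or "block".
    Returns (mismatches, unseen): flows logged with the wrong action, and
    expected flows with no log entry (rule not logging, or no traffic yet)."""
    mismatches, seen = [], set()
    for line in lines:
        entry = parse_filterlog(line)
        if entry is None or entry["flow"] not in expected:
            continue
        seen.add(entry["flow"])
        if entry["action"] != expected[entry["flow"]]:
            mismatches.append((entry["flow"], entry["action"], entry["tracker"]))
    return mismatches, sorted(set(expected) - seen)

# Constructed sample entries: addresses, trackers and interface are made up.
PREFIX = "Jan  6 19:40:01 fw filterlog[411]: "
HEAD = ",in,4,0x0,,64,4321,0,DF,6,tcp,60,192.0.2.10,198.51.100.5,"
TAIL = ",0,S,1000,,64240,,mss"
SAMPLE_LOG = [
    PREFIX + "5,,,1609961941,igb1,match,pass" + HEAD + "51234,443" + TAIL,
    PREFIX + "9,,,1609961999,igb1,match,block" + HEAD + "51240,22" + TAIL,
    PREFIX + "5,,,1609961941,igb1,match,pass" + HEAD + "51241,3389" + TAIL,
    # ICMP entry: different trailing fields, so the parser skips it.
    PREFIX + "9,,,1609961999,igb1,match,block,in,4,0x0,,64,4324,0,none,1,icmp,84,"
             "192.0.2.10,198.51.100.5,request,1,1",
]
EXPECTED = {("198.51.100.5", "tcp", 443): "pass", ("198.51.100.5", "tcp", 22): "block",
            ("198.51.100.5", "tcp", 3389): "block", ("198.51.100.5", "udp", 53): "pass"}

if __name__ == "__main__":
    wrong, unseen = check_expectations(SAMPLE_LOG, EXPECTED)
    for flow, action, tracker in wrong:
        print(f"MISMATCH {flow}: logged {action} by rule tracker {tracker}")
    for flow in unseen:
        print(f"NO LOG ENTRY {flow}")
```

A flow reported with no log entry usually means the rule that handles it does not have Log packets that are handled by this rule selected, or the test traffic was never sent.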

pfsense/firewall/debugging_firewall_rules.txt · Last modified: 2021/01/06 19:39 by peter
