PFSense - Firewall - Debugging firewall rules
Change the System Log Settings
Navigate to Status → System logs → Settings.
- Forward/Reverse Display: Checked.
- Log firewall default blocks: Not Checked.
- GUI Log Entries: 500. Increase the number of log entries to show from the default of 50.
NOTE: This should make it easier to ascertain the logs you want to monitor.
Check the Firewall Logs
Navigate to Status → System logs → Firewall.
In Normal View:
NOTE: You need to refresh if you expect a rule was triggered by some action.
In Dynamic View:
NOTE: Here, you do not have to hit refresh.
Create Firewall Rules
Navigate to Firewall → Rules.
Under the interface(s) you want to debug:
- Create a default deny rule at the end of the rule list.
- Select Log packets that are handled by this rule.
- Give the rule a very unique name.
For other rules you want to debug:
- Choose Log packets that are handled by this rule.
- Give the rule a very unique name.
Check the logs at Status → System logs → Firewall → Dynamic View.
Tweak the firewall rules until you see the result you desire.
- Packets blocked that should be blocked.
- Packets allowed that should be allowed.
Click on the red/green blocked/accepted icons.
- This shows a pop-up for the rule that was triggered, showing the unique name you gave to the rule.
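Added example (not part of the original page): the same "blocked that should be blocked, allowed that should be allowed" check, run offline against raw filter log lines. It assumes pfSense's raw filterlog CSV layout for IPv4 (4th field tracker ID, 5th interface, 7th action, 17th protocol, 19th/20th source/destination, 22nd destination port); the sample lines, the interface name igb1, the tracker IDs and the expectations table are constructed.

```python
import csv
from collections import namedtuple

Entry = namedtuple("Entry", "tracker iface action proto src dst dport")

def parse_filterlog(line):
    """Parse one filter log line (IPv4 only); return None for anything else."""
    # Drop an optional syslog prefix such as "... filterlog[123]: ".
    payload = line.strip().split("filterlog", 1)[-1].split(": ", 1)[-1]
    f = next(csv.reader([payload]), [])
    if len(f) < 20 or f[8] != "4":
        return None
    proto = f[16].lower()
    # Only TCP and UDP entries carry port fields after the addresses.
    dport = int(f[21]) if proto in ("tcp", "udp") and len(f) > 21 else None
    return Entry(f[3], f[4], f[6], proto, f[18], f[19], dport)

def find_mismatches(lines, expected):
    """Return (entry, wanted_action) for entries that contradict `expected`."""
    bad = []
    for line in lines:
        e = parse_filterlog(line)
        if e is None:
            continue
        want = expected.get((e.iface, e.proto, e.dport))
        if want is not None and want != e.action:
            bad.append((e, want))
    return bad

# Constructed sample lines (documentation address ranges, made-up tracker IDs).
SAMPLE = [
    "Jan  6 19:39:01 fw filterlog[4242]: 5,,,1000000103,igb1,match,block,in,4,"
    "0x0,,64,4242,0,DF,6,tcp,60,192.168.1.50,203.0.113.10,51514,23,0,S,1,,64240,,mss",
    "3,,,1000000101,igb1,match,pass,in,4,0x0,,64,2222,0,DF,6,tcp,60,"
    "192.168.1.50,203.0.113.10,51515,443,0,S,2,,64240,,mss",
    "7,,,1000000104,igb1,match,block,in,4,0x0,,64,1111,0,none,17,udp,71,"
    "192.168.1.50,198.51.100.53,40000,53,51",
]
# Constructed expectations: (interface, protocol, destination port) -> action.
EXPECTED = {("igb1", "tcp", 23): "block", ("igb1", "tcp", 443): "pass",
            ("igb1", "udp", 53): "pass"}

if __name__ == "__main__":
    for e, want in find_mismatches(SAMPLE, EXPECTED):
        print(f"tracker {e.tracker}: {e.proto}/{e.dport} {e.src} -> {e.dst} "
              f"was {e.action}, expected {want}")
```

The tracker ID reported for a mismatch identifies the rule to adjust; the GUI pop-up described above resolves the same rule to the unique name you gave it.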
pfsense/firewall/debugging_firewall_rules.txt · Last modified: 2021/01/06 19:39 by peter