 From:  Tim Vaughan <talltim at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Feature suggestion: show related rule in firewall logs
 Date:  Sun, 22 Jan 2006 12:17:06 +0000
Hi,

Is it possible to show which firewall rule was responsible for a
particular block shown on the logs page?  This would be really useful
with complicated firewall rules, showing why a packet was blocked.

This thought occurred to me while I was trying to figure out why a
Linksys NSLU2 was being blocked over Port 80 (sample log entry:

12:06:18.130076   LAN   192.168.0.14, port 80   192.168.1.35, port 34660   TCP)

This is trying to reach it over the VPN connecting my 192.168.0.0/24
home network to my 192.168.1.1/24 work network.  I can reach other
hosts on any port fine, but the NSLU2 doesn't respond to ping or TCP over
port 80, and mounting a network share on it gets blocked too eventually,
although oddly I can connect for a few seconds:

12:10:41.502859   LAN   192.168.0.14, port 139   192.168.1.44, port 50279   TCP

I still have no idea about this one because I have no rules blocking
any traffic on the LAN interface.

Tim