[ previous ] [ next ] [ threads ]
 From:  "Emanuele Baglini" <Emanuele at be dash ahead dot it>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  R: [m0n0wall] Feature suggestion: show related rule in firewall logs
 Date:  Sun, 22 Jan 2006 16:30:06 +0100
I think that this should be great!

Emanuele Baglini
be @head
E-mail	emanuele at be dash ahead dot it
Home Page	http://www.be-ahead.it/

Le informazioni contenute in questo messaggio sono riservate
e confidenziali ed è vietata la diffusione in qualunque modo
eseguita. Qualora Lei non fosse la persona a cui il presente
messaggio è destinato, La invitiamo ad eliminarlo e a non
leggerlo, dandocene gentilmente comunicazione. Per qualsiasi
informazione si prega di contattare (info at be dash ahead dot it).
Rif. D.L. 196/2003

This e-mail (including attachments) is intended only for the
recipient(s) named above. It may contain confidential or
privileged information and should not be read, copied or
otherwise used by any other person. If you are not the named
recipient, please contact (info at be dash ahead dot it) and delete the
e-mail from your system.
Rif. D.L. 196/2003.

-----Messaggio originale-----
Da: Tim Vaughan [mailto:talltim at gmail dot com] 
Inviato: domenica 22 gennaio 2006 13.31
A: m0n0wall at lists dot m0n0 dot ch
Oggetto: [m0n0wall] Feature suggestion: show related rule in firewall logs


Is it possible to show which firewall rule was responsible for a
particular block shown on the logs page?  This would be really useful
with complicated firewall rules, showing why a packet was blocked.

This thought occurred to me while I was trying to figure out why a
Linksys NSLU2 was being blocked over Port 80 (sample log entry:

12:06:18.130076  	 LAN, port 80, port
34660  	 TCP)

This is trying to reach it over the VPN connecting my
home network to my work network.  I can reach other
hosts on any port fine but the NSLU2 doesn't respond to ping, tcp over
port 80 and mounting a network share on it gets blocked too eventually
although oddly I can connect for a few seconds:

12:10:41.502859  	 LAN, port 139, port
50279  	 TCP

I still have no idea about this one because I have no rules blocking
any traffic on the LAN interface.


To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch