 From:  mtnbkr <waa dash m0n0wall at revpol dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Feature suggestion: show related rule in firewall logs
 Date:  Sun, 22 Jan 2006 16:50:14 -0500
Tim Vaughan wrote:

>> Hi,
>> Is it possible to show which firewall rule was responsible for a
>> particular block shown on the logs page?  This would be really useful
>> with complicated firewall rules, showing why a packet was blocked.
>> Tim

Hi Tim... The feature you are requesting is already available in m0n0wall.

Diagnostics -> Logs -> Settings - Check "Show raw filter logs"  and save

While you are there you should also check "Log packets blocked by the
default rule" at least for testing purposes.

Then view the "Firewall logs" page again...

Note that now, your firewall logs will contain a p (pass), b (block) or
r (reject) as well as the number of the rule that matched the packet.

Now, go to:  http://your.m0n0.wall/exec.php

enter:   ipfstat -ion

to locate the rule that matches your log entry.

Alternately, I use the remote syslog option. Packets are logged to my
syslog server in the "raw" format.

Bill Arlofski
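
The lookup described in the message above, as an added example that is not part of the original post or of m0n0wall itself: it pairs each raw filter log entry with the matching line of `ipfstat -ion` output. The sample rules and log lines are constructed, and the `@group:rule` log layout, the trailing IN/OUT field and per-group rule numbering are assumptions based on ipfilter's usual output.

```python
import re

# Constructed sample of `ipfstat -ion` output (not from a real m0n0wall).
IPFSTAT_ION = """\
@1 pass out quick on lo0 from any to any
@2 pass out quick on fxp0 from any to any keep state
@1 pass in quick on lo0 from any to any
@2 block in log quick on fxp1 from any to any head 200
@1 block in log quick from 10.0.0.0/8 to any group 200
@2 pass in quick proto tcp from any to 192.0.2.10/32 port = 80 keep state group 200
@3 block in log quick from any to any
"""

# Constructed raw filter log lines; assumed layout: "@group:rule action ... IN|OUT".
RAW_LOG = """\
Jan 22 16:40:01 m0n0wall ipmon[85]: 16:40:00.512345 fxp1 @200:1 b 10.1.2.3,4431 -> 192.0.2.10,80 PR tcp len 20 48 -S IN
Jan 22 16:40:07 m0n0wall ipmon[85]: 16:40:06.101010 fxp1 @0:3 b 198.51.100.7,137 -> 192.0.2.255,137 PR udp len 20 78 IN
"""

ACTIONS = {"p": "pass", "b": "block", "r": "reject"}  # letters named in the post
RULE_RE = re.compile(r"^@(\d+)\s+.*?\b(in|out)\b")
LOG_RE = re.compile(r"@(\d+):(\d+)\s+([A-Za-z])\s.*\b(IN|OUT)\s*$")

def index_rules(ipfstat_text):
    """Map (direction, group, number) -> rule text; group 0 when no 'group N'."""
    rules = {}
    for line in ipfstat_text.splitlines():
        line = line.strip()
        m = RULE_RE.match(line)
        if m:
            g = re.search(r"\bgroup\s+(\d+)", line)
            key = (m.group(2), int(g.group(1)) if g else 0, int(m.group(1)))
            rules[key] = line
    return rules

def explain(log_text, rules):
    """Return (action, rule text or None) for each raw log line that parses."""
    out = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            key = (m.group(4).lower(), int(m.group(1)), int(m.group(2)))
            out.append((ACTIONS.get(m.group(3), m.group(3)), rules.get(key)))
    return out

if __name__ == "__main__":
    for action, rule in explain(RAW_LOG, index_rules(IPFSTAT_ION)):
        print(action, "<-", rule or "rule not found in ipfstat output")
```

A result of `None` for the rule means the rule set has changed since the packet was logged, so the `ipfstat -ion` capture should be taken close in time to the log entries being examined.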