Tim Vaughan wrote:
>> Is it possible to show which firewall rule was responsible for a
>> particular block shown on the logs page? This would be really useful
>> with complicated firewall rules, showing why a packet was blocked.
Hi Tim... The feature you are requesting is already available in m0n0wall.
Diagnostics -> Logs -> Settings - Check "Show raw filter logs" and save
While you are there you should also check "Log packets blocked by the
default rule" at least for testing purposes.
Then view the "Firewall logs" page again...
Note that now, your firewall logs will contain a p (pass), b (block) or
r (reject) as well as the number of the rule that matched the packet.
Now, go to: http://your.m0n0.wall/exec.php
enter: ipfstat -ion
to locate the rule that matches your log entry.
Alternately, I use the remote syslog option. Packets are logged to my
syslog server in the "raw" format.