> Hi Tim... The feature you are requesting is already available in m0n0wall.
> Diagnostics -> Logs -> Settings - Check "Show raw filter logs" and save
> While you are there you should also check "Log packets blocked by the
> default rule" at least for testing purposes.
> Then view the "Firewall logs" page again...
> Note that now, your firewall logs will contain a p (pass), b (block) or
> r (reject) as well as the number of the rule that matched the packet.
> Now, go to: http://your.m0n0.wall/exec.php
> enter: ipfstat -ion
> to locate the rule that matches your log entry.
Ok, thanks for that, it's really useful. This is the offending entry:
23:05:41.532041 sis0 @0:13 b 192.168.0.14,80 -> 192.168.1.44,54131 PR
tcp len 20 60 -AS IN
With the corresponding rule:
@13 block in log quick proto tcp from any to any
which I'm guessing is the default rule that blocks anything that isn't
explicity passed. The problem is that I have other Linux servers on
that network which I can access perfectly well over the VPN and the
LAN interface has the standard pass from any to any rule.
Additionally, I get the following on my work m0n0wall:
21:50:39.187349 sis0 @0:16 b 192.168.1.44,53214 -> 220.127.116.11,80 PR
tcp len 20 52 -AF IN
22:12:05.772677 sis0 @0:16 b 192.168.1.44,53330 -> 18.104.22.168,80 PR
tcp len 20 40 -AR IN
@16 block in log quick proto tcp from any to any
Which I guess is the default rule again. I don't have block rules on
the LAN interface, so why are these packets logged as being blocked?