Hi,

I was just wondering... I've set up a remote syslog server - monitoring LAN activity (ipmon). I did this by setting up a single pass-all rule as the last/default rule on the LAN interface and I'm logging firewall events to the syslog server. Next I set up a client on the Captive portal interface (LAN). I then try to open a default webpage and I get a PASS event on the remote syslog server - before the client is authenticated. I suspect this behaviour to be a result of the captive portal rules being applied after the LAN rules. However, I'd like to get rid of firewall events that didn't really happen. Can this be done?

Also I have a more or less related question: Any chance to log an event when a NAT table/firewall state entry is timed out? It would be great to be able to measure the number of octets sent/received between specific IPs.

BR
Søren Vanggaard Jensen