Firewall logs never show and info
I can go into Firewall and pick Event Logs, and then select the Firewall Block Events option and hit Refresh, but it shows nothing. But on the Rack status view, I can see thousands of events as blocked and logged. Is there a way I can view these (other than going to the terminal and looking in /var/log somewhere?
you need to check 'Log' in the rules if you want them to show up there. if you want a default Block and want to see the entries, leave it as default Pass and set up a Block and Log rule at the bottom of the list.
Attention: Support on the Untangle Forums is provided by volunteers and community members.
If you need official Untangle support please call or email support@untangle.com.
That's exactly what I have. when I click Refresh, it flashes and never shows anything.
If you have the firewall set to default block an event log wont be generated if the traffic qualifies this default.
Meaning if no rules match the traffic and the default block takes effect a log entry won't be generated. Usually what I do is create my own block all rule as the last rule that logs.
Tell us what you have set for your firewall rule that should be logging.
The beatings shall continue until morale improves!
to log blocked items
1. set default firewall as pass
2. create a "block all" rule and choose any for all options and then choose block and log.
then you create your pass rules above that.
Def1:9.3.2 x64 |Intel Mobo| Intel i7 860 2.8Ghz Quad with HT| 8G DDR3 13333 | 80G Intel SSD | 4x Intel Pro 1000 GT NIC's_ 1 Intel dual port Gigabyte NIC | Corsair 550W PSU | 50mb/50mb | 45 users
Hope this helps and is readable.
{"protocol":"udp","srcPort":"any","dstIntf":"1","l og":false,"category":"[no category]","description":"Allow DNS ","dstPort":"53","name":"[no name]","javaClass":"com.untangle.node.firewall.Firewall Rule","action":"Pass","dstAddress":"any","srcIntf" :"2","srcAddress":"any","live":true},
{"protocol":"tcp&udp","srcPort":"any","dstIntf":"1 ","log":false,"category":"[no category]","description":"Allow POP3 to new.rr.com","dstPort":"110","name":"[no name]","javaClass":"com.untangle.node.firewall.Firewall Rule","action":"Pass","dstAddress":"any","srcIntf" :"2","srcAddress":"any","live":true},
{"protocol":"tcp&udp","srcPort":"any","dstIntf":"1 ","log":false,"category":"[no category]","description":"Allow secure www traffic out","dstPort":"443","name":"[no name]","javaClass":"com.untangle.node.firewall.Firewall Rule","action":"Pass","dstAddress":"any","srcIntf" :"2","srcAddress":"any","live":true},
{"protocol":"tcp&udp","srcPort":"any","dstIntf":"1 ","log":false,"category":"[no category]","description":"Allow www traffic out","dstPort":"80","name":"[no name]","javaClass":"com.untangle.node.firewall.Firewall Rule","action":"Pass","dstAddress":"any","srcIntf" :"2","srcAddress":"any","live":true},
{"protocol":"tcp&udp","srcPort":"any","dstIntf":"1 ","log":false,"category":"[no category]","description":"Facebook Jabber chat","dstPort":"5221","name":"[no name]","javaClass":"com.untangle.node.firewall.Firewall Rule","action":"Pass","dstAddress":"any","srcIntf" :"2","srcAddress":"any","live":true},
{"protocol":"tcp&udp","srcPort":"any","dstIntf":"1 ","log":false,"category":"[no category]","description":"Facebook Jabber chat 2","dstPort":"5222","name":"[no name]","javaClass":"com.untangle.node.firewall.Firewall Rule","action":"Pass","dstAddress":"any","srcIntf" :"2","srcAddress":"any","live":true},
{"protocol":"any","srcPort":"any","dstIntf":"any", "log":false,"category":"[Sample]","description":"Block all TCP traffic from 1.2.3.0 netmask 255.255.255.0","dstPort":"any","name":"[no name]","javaClass":"com.untangle.node.firewall.Firewall Rule","action":"Block","dstAddress":"any","srcIntf ":"any","srcAddress":"any","live":true},
{"protocol":"tcp&udp","srcPort":"any","dstIntf":"a ny","log":true,"category":"[no category]","description":"Block all others","dstPort":"any","name":"[no name]","javaClass":"com.untangle.node.firewall.Firewall Rule","action":"Block","dstAddress":"any","srcIntf ":"any","srcAddress":"any","live":true}]
Looks like last rule is blocking. Should set the protocol to ANY as well.
Any bypass rules been specified. The firewall takes place within the UVM so if traffic is bypassed the firewall does nothing to it.
The beatings shall continue until morale improves!
There are no bypass rules, that is my entire firewall rules list, so I have my passes (no logging) at the top and my block all (with logging) at the bottom. I see tens of thousands of blocks in the rack view, but if i go to reports, there are no firewall blocks shown. However, i can, for example VPN into my work network just fine, however I cannot connect to any internal work network IP, no ping, no DNS, nothing. If I turn off the Untangle firewall, everything works fine. I am trying to see why that happens with the firewall on, but without anything logged, it's impossible.
Make your block all like the rule in the screenshot. TCP & UDP covers most network traffic but not all.
The beatings shall continue until morale improves!
Posting Permissions
LinkBack URL
About LinkBacks