The Firewall logs are located through the pfSense® webGUI at Status > System Logs on the Firewall tab. The logs show all events logged by the firewall. By default, this includes connections blocked by the default deny rule.
How to Read the Logs¶
Each entry is displayed with the action ( pass or block, reject is only logged as block), time, interface, source, destination, and protocol.
The action icon depicts the action taken on the connection. indicates a block action, indicates a pass action. Hover over the link for a text description if the meaning of the icon is not clear. Clicking on the action icon will produce a box that shows which rule caused the action. Using the Settings tab, these rule descriptions may also be shown in a separate column of the rules, or on a second line.
The icon next to the source and destination addresses will attempt to reverse resolve the IP address into a hostname via DNS.
The icon next to the source address will add a full block for traffic coming from that IP address via Easy Rule. The icon next to the destination address also invokes Easy Rule, and will add a pass rule for traffic of this protocol, going from the source IP address to the destination IP address on the destination port.
If the logged entry is from a TCP connection, the TCP flags may also be displayed. For more information, see List of Routing Table Flags.
Firewall Log Dynamic View¶
The dynamic firewall log view works like the normal Firewall Logs view except it is updated every few seconds using AJAX.
Firewall Log Summary View¶
The firewall log summary view produces pie charts which summarize the log data. Each item is listed with a chart and a table containing the top five entries in the chart, and “other”.
Summarized data includes actions, interfaces, protocols, source IPs, destination IPs, source ports, and destination ports.
The full content of the log is used to summarize the data, not just the part displayed in the Firewall Logs view.
Disable Default Block Logging¶
To disable logging of blocked packets from the default deny rule, go to to Status > System Logs, Settings tab, then uncheck Log packets blocked by the default rule and Click Save.