I have no additional rules. Using default IPFire Firewall rules from installation. Checked the Firewall log today, and there are no records. Been up for three days, so should this be the case?
There are firewall hits showing up in the graph.
Using IPFire 2.29 (x86_64) - Core-Update 201 Development Build: master/da6ccd7a
Thanks for any insight!!
Hi.
Have you checked the settings at: https://ipfire_ip:444/cgi-bin/optionsfw.cgi?
You might have something disabled.
Let us know.
Where did you do this?
It should be at Logs→Firewall Logs
Is you IPfire behind a NAT ed firewall?
Does your ISP use CG-NAT? Since I switched from cable to fiber, I have almost zero hits in my firewall.
No Firewall on bare metal using FIOS
According to my Red facing IP address, no not using CG-NAT.
Have you checked “IP address blocklist logs”
You have “Drop Hostile networks”
I suggest testing by changing the default mode in firewall options:
Default firewall behavior from allowed to blocked.
Define a regular rule in Firewall Rules with the log box checked.
The latest version CU201 is Build: master/a5909296
Are there any error messages on the console or in /var/log/messages ?
try /etc/init.d/firewall restart
and then iptables -L | grep LOG
I have identified on my vm testbed systems that for an updated CU200 to CU201 Testing system the Firewall Logs WUI page is showing a range of DROP_INPUT and DROP_CTINVALID messages.
If I do a fresh install of CU201 Testing then there is nothing shown on the Firewall Logs page but in the /var/log/messages file there are DROP_INPUT and DROP_CTINVALID entries.
So for a fresh install it looks like the firewall logs page is not correctly extracting the required logs but it is working correctly for an updated version from 200 to 201 Testing.
I will check to see if there are any obvious differences in the firewall logs cgi file between the updated version and the fresh install.
EDIT: No change in firewalllog.dat between CU200 and CU201. Also a fresh install of CU200 does show entries in the WUI firewall logs page. New fresh install of CU201 Testing again did not show any entries in the WUI but entries are there in the messages file.
Can the original poster, @phantom, indicate if the system showing the problem was a fresh install of CU201 Testing or if it was an update from CU200 to CU201 Testing?
The process name for the firewall entries in the fresh install version is showing up as klogd: instead of kernel:
I will check if that was intended and if so then submit a patch to update what is searched for in messages and also the change in that between a Core Update and a Fresh Install.
Adolf, I can confirm this was a fresh install of IPFire 2.29 (x86_64) - Core-Update 201 Development Build: master/da6ccd7a.
Thank you all for your recommendations and tracking this down.
This problem has been resolved in
Core-Update 201 Development Build: master/bb27cc32
Adolph,
Updated to master/bb27cc32 and all is well with FW Logs. Thank you!!! For anyone in similar circumstances, this link will inform on how to update testing or other branches.
Best Wishes for you and yours this Easter!
