Hi everyone,
As soon as I activated the “enable default-log” option in 1.2.3, all packets that are processed by the firewall default action (drop) are displayed in the log, as the name suggests.
In 1.2.4 these entries are no longer displayed, neither in “monitor firewall name anyexternal-local” nor in “sudo journalctl -f | grep ”.
However, I was able to validate that the packets (in this case, SSH) arrive at the firewall and are dropped by the default action as usually specified. The log entry is missing.
Here is my config for that firewall-rule:
vyos@blabla# show firewall name anyexternal-local | strip-private
 default-action drop
 enable-default-log
 rule 1 {
     action accept
     state {
         established enable
         related enable
     }
 }
 rule 2 {
     action drop
     log enable
     state {
         invalid enable
     }
 }
 rule 10 {
     action accept
     description "Enable ICMP on WAN-Zone"
     icmp {
         type 8
     }
     log enable
     protocol icmp
 }
 rule 55 {
     action accept
     description "Allow UDP 500 and 4500 for IPSec and NAT-T"
     destination {
         port 500,4500
     }
     log enable
     protocol udp
 }
 rule 99 {
     action accept
     log enable
     source {
         address xxx.xxx.1.0/24
     }
 }
tcpdump:
vyos@blabla# run monitor traffic interface eth0 | grep -i 193.43.46.119
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:41:33.842483 IP 193.43.46.119.63763 > blabla.ssh: Flags [SEW], seq 2475691149, win 8192, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
17:41:36.843381 IP 193.43.46.119.63763 > blabla.ssh: Flags [SEW], seq 2475691149, win 8192, options [mss 1440,nop,wscale 8,nop,nop,sackOK], length 0
Zone Config:
vyos@blabla# show zone zone local
 default-action drop
 from external {
     firewall {
         name anyexternal-local
     }
 }
 local-zone
vyos@blabla# show zone zone external
 default-action drop
 from local {
     firewall {
         name local-anyexternal
     }
 }
 interface eth0
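As an added example (not from the post and not VyOS code), a small Python parser for the brace-style `show` output pasted above: it turns the rule set into nested dicts and reports whether enable-default-log is set and which rules lack `log enable`, so the logging expectation can be checked against the saved config before looking at the journal. It works on pasted text only and assumes nothing about the router itself.

```python
# Constructed sample: a shortened copy of the post's anyexternal-local rule set,
# in the brace format that `show firewall name ...` prints.
SAMPLE = """\
default-action drop
enable-default-log
rule 1 {
    action accept
    state {
        established enable
    }
}
rule 10 {
    action accept
    description "Enable ICMP on WAN-Zone"
    icmp {
        type 8
    }
    log enable
    protocol icmp
}
"""


def parse_vyos(text):
    """Parse VyOS brace config into nested dicts: 'key value' -> {key: value},
    a bare 'key' -> {key: True}, 'key sub {' nests, '}' closes one level."""
    root, stack = {}, []
    node = root
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "}":
            node = stack.pop()          # back to the enclosing node
        elif line.endswith("{"):
            stack.append(node)          # 'rule 10 {' -> node['rule']['10']
            for word in line[:-1].split():
                node = node.setdefault(word, {})
        else:
            key, _, value = line.partition(" ")
            node[key] = value.strip().strip('"') if value else True
    return root


def audit_logging(cfg):
    """Return (default action logged?, rule numbers lacking 'log enable')."""
    rules = cfg.get("rule", {})
    unlogged = [n for n in sorted(rules, key=int) if rules[n].get("log") != "enable"]
    return cfg.get("enable-default-log") is True, unlogged
```

For the sample above, `audit_logging(parse_vyos(SAMPLE))` returns `(True, ["1"])`: default-action drops are expected to be logged, and only rule 1 has no per-rule logging.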