I have my virtual pfSense running smoothly. I can access the webGUI from my main network using aliases (thanks Tom for that tip). No other issues, but upon reviewing logs I get a ton of entries in the firewall system log that say
Feb 2 12:16:49 WAN Default deny rule IPv4 (1000000103) 10.10.1.1:51171 18.104.22.168:1900 UDP
When I click the X showing it was blocked, it says the rule below blocked it.
The rule that triggered this action is: @5(1000000103) block drop in log inet all label “Default deny rule IPv4”
Now I cannot find said rule anywhere in my firewall rules. This is not breaking anything; if anything, it merely causes log bloat, but I would like to better understand what is happening.
Given that this instance is on a private network and running just my VMs, is it possible something on my wired network (the 10.10.1.1/24, the WAN side of pfSense) is generating this? If that's the case, then it's likely a gaming system or something of that nature. If that is the case, can I strip this out of the logs? Will log bloat slow the pfSense instance down, or is it OK to just let it go?
Every firewall has a “default rule” which takes effect on anything that wasn’t matched by another rule, and it frequently isn’t shown as a rule, but rather as a setting elsewhere. A proper firewall will have this as Default Deny, but most also let you change this. It is best to leave it as Default Deny and explicitly make Allow rules that are narrow to accept specific traffic. As @FredFerrell said, you can create explicit deny rules to clean up the logging. When I am setting up a new business network, part of my process is to watch the firewall logs for a few days to see what we might need to let through between VLANs, and as part of that it helps to block things that clutter the logs.
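Before writing an explicit deny rule to quiet the log, it helps to know which flows are actually filling it. The script below is an added example (not code from the thread or from pfSense): it parses lines in the layout the webGUI shows under Status > System Logs > Firewall, like the entry quoted above, and counts blocked flows per destination port. The sample lines are constructed, and the port-to-service table is a small hand-made lookup.

```python
import re
from collections import Counter

# Constructed sample entries in the webGUI firewall-log layout (the first is the line from the thread).
SAMPLE_LOG = """\
Feb 2 12:16:49 WAN Default deny rule IPv4 (1000000103) 10.10.1.1:51171 18.104.22.168:1900 UDP
Feb 2 12:16:52 WAN Default deny rule IPv4 (1000000103) 10.10.1.1:51171 18.104.22.168:1900 UDP
Feb 2 12:17:01 WAN Default deny rule IPv4 (1000000103) 10.10.1.1:5353 224.0.0.251:5353 UDP
Feb 2 12:17:05 WAN Default deny rule IPv4 (1000000103) 10.10.1.1:51171 18.104.22.168:1900 UDP
Feb 2 12:18:10 WAN Default deny rule IPv4 (1000000103) 10.10.1.55:443 10.10.1.2:52010 TCP
"""

# Well-known chatty discovery protocols that commonly show up as "Default deny" noise on a LAN-facing WAN.
KNOWN_NOISE = {(1900, "UDP"): "SSDP/UPnP discovery", (5353, "UDP"): "mDNS", (137, "UDP"): "NetBIOS name service"}

# timestamp  interface  rule label  (tracker id)  src:port  dst:port  proto
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+(?P<label>.+?)\s+"
    r"\((?P<tracker>\d+)\)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("tracker", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def summarize(log_text, top=5):
    """Count blocked flows by (src, dst, dport, proto) and by (dport, proto); name known noise."""
    flows, ports, unparsed = Counter(), Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # keep going; a malformed line should not abort the summary
            continue
        flows[(rec["src"], rec["dst"], rec["dport"], rec["proto"])] += 1
        ports[(rec["dport"], rec["proto"])] += 1
    named = {p: KNOWN_NOISE.get(p, "unknown") for p, _ in ports.most_common(top)}
    return {"flows": flows.most_common(top), "ports": ports.most_common(top),
            "services": named, "unparsed": unparsed}


if __name__ == "__main__":
    for (dport, proto), n in summarize(SAMPLE_LOG)["ports"]:
        print(f"{n:4d}  {proto}/{dport}  {KNOWN_NOISE.get((dport, proto), 'unknown')}")
```

Run it against lines copied from the webGUI log view; the top (dport, proto) pairs are the candidates for a narrow, non-logging block rule on the WAN interface.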
Thank you for helping clear that up. I am still learning, which is why currently pfSense is just at the edge of my VM network; once I get proficient enough to troubleshoot issues I may have, I will likely buy a Netgate box and upgrade my router.
There were error(s) loading the rules: /tmp/rules.debug:45: cannot define table pfB_Europe_v4: Cannot allocate memory - The line in question reads : table <pfB_Europe_v4> persist file "/var/db/aliastables/pfB_Europe_v4.txt" @ 2020-02-07 17:23:37
I have upped the Firewall State Tables to 60000 too, and I have made an allow rule from the Firewall Log.