pfSense Support Subscription

Author Topic: Rules info 1770009538.. as an example  (Read 117 times)

0 Members and 1 Guest are viewing this topic.

Offline itlinux

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Rules info 1770009538.. as an example
« on: December 26, 2017, 06:14:39 pm »
Hello PFSense Masters.. I am having hard time to identify where to get the info about a code 1770009538 (as an example).. I would like to get that data so I could create a new rule if it gets false positive.

Thanks

Offline BBcan177

  • Hero Member
  • *****
  • Posts: 2608
  • Karma: +811/-5
    • View Profile
    • Click for Support
Re: Rules info 1770009538.. as an example
« Reply #1 on: December 26, 2017, 07:16:21 pm »
"1770" rules are for pfBlockerNG. You can edit your pfSense firewall log settings to show the Descriptions as a second line. 
"Experience is something you don't get until just after you need it."

 | http://pfblockerng.com | Twitter @BBcan177  | #pfBlockerNG |

Offline itlinux

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: Rules info 1770009538.. as an example
« Reply #2 on: December 26, 2017, 08:22:46 pm »
thanks here is an example of the one I wonder

1000000110

Ty!

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14840
  • Karma: +1377/-202
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Rules info 1770009538.. as an example
« Reply #3 on: December 27, 2017, 07:26:48 am »
Just enable the descriptions in the firewall log settings... Or just view the full rules with

https://doc.pfsense.org/index.php/How_can_I_see_the_full_PF_ruleset

And you can see which rule that number shows up on..

[2.4.2-RELEASE][root@sg4860.local.lan]/root: pfctl -vvsr | grep 1000000110
@23(1000000110) pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state
@24(1000000110) pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
@25(1000000110) pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
@26(1000000110) pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
@27(1000000110) pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
[2.4.2-RELEASE][root@sg4860.local.lan]/root:
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)