====== PFSense - Firewall - Debugging firewall rules ======

===== Change the System Log Settings =====

Navigate to **Status -> System logs -> Settings**.

  * Forward/Reverse Display: **Checked**.
  * Log firewall default blocks: **Not Checked**.
  * GUI Log Entries: **500**. Increase the number of log entries to show from the default of 50.

**NOTE:** This should make it easier to find the log entries you want to monitor.

----

===== Check the Firewall Logs =====

Navigate to **Status -> System logs -> Firewall**.

In **Normal View**:

**NOTE:** You need to **refresh** if you expect a rule was triggered by some action.

In **Dynamic View**:

**NOTE:** Here, you do not have to hit refresh.

----

===== Create Firewall Rules =====

Navigate to **Firewall -> Rules**.

Under the interface(s) you want to debug:

  * Create a default deny rule at the end of the rule list.
  * Select **Log packets that are handled by this rule**.
  * Give the rule a unique name.

For other rules you want to debug:

  * Choose **Log packets that are handled by this rule**.
  * Give the rule a unique name.

Check the logs at **Status -> System logs -> Firewall -> Dynamic View**.

Tweak the firewall rules until you see the result you desire:

  * Packets blocked that should be blocked.
  * Packets allowed that should be allowed.

Click on the red/green blocked/accepted icons.

  * A pop-up appears for the rule that was triggered, showing the unique name you gave to the rule.

----