firewall: logging for NAT rules

[cryptochrome]

Currently, when you add a new port forwarding rule and let it automatically create a corresponding firewall rule, that firewall rule has logging disabled and the rule can't be edited. So if I want logging, I would have to add the firewall rule manually and disable automatic rule creation.

Why not give us an option to enable logging on these auto-created rules?

[AdSchellevis]

There's a good reason why automatic rules can't be edited, the automatic generated rules lack validations which causes more issues if we let users edit them, for reference see #858 and the associated forum posts.

[cryptochrome]

I didn't necessarily imply that the auto-generated rules should be changeable. You could just add an additional option to the Port Forwarder setup page next to the field that asks if and which firewall should be created. Just add a checkbox, "enable logging".

[fichtner]

I'm taking this as discussed in the forum :)

[AdSchellevis]

@fichtner no problem, just referencing the cause here and not entirely sure it's a good idea to extend the forwarder page with more firewall settings.

[fichtner]

I agree, it will go to system: settings: logging

[AdSchellevis]

@fichtner thanks!

[cryptochrome]

thanks guys :) 👍

[fichtner]

Also for port forward, via https://forum.opnsense.org/index.php?topic=7266.0

[ccesario]

Hi Folks, is there any ETA for this feature!?

Regards
Carlos

[drinn]

I'd like very much for this feature as well. It looks like it's been pushed back for several releases now. Hopefully they will still be able to add this into 19.1.

[fichtner]

Like this? :) Although it's not what @AdSchellevis wanted as you can enable it per port forward rule ;)

[drinn]

Thank you, @fichtner for your work on this! I'm assuming I'd need to change my release type to "development" if I want to see these changes reflected on my running opnsense instance (assuming I want to try it out before the next release)?

[ccesario]

Hey @fichtner , only to configr .... is this in 18.7.8 ?
I'm not able to see log option in Firewall: NAT: Port Forward rule.

Carlos

[fichtner]

it's on the development version now (18.7.8 -> Release type Development, Check for updates again) . there is one issue left with the feature: the live log shows the wrong rule label. needs @AdSchellevis's help but not super urgent. I'm hoping it's done in 18.7.9 or 18.7.10.