Hello! I've been tasked with creating a default deny-all outbound firewall rule for compliance reasons on a pfSense router, but I'm not very familiar with pfSense. I want to be able to monitor or log outbound port usage in preparation for creating the outbound firewall rules.
My hope is that almost all traffic would be over 80/443; I would create an outbound rule allowing this while blocking everything else, but I want to see what other ports are possibly being used to determine if any additional rules need to be created to avoid breaking business function. What would be the best way to achieve this?
I would be looking to log the destination IP and the TCP or UDP port, maybe even just a hit count on specific port usage, so if anything other than 80/443 pops up I can perform a more targeted investigation.
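One way to get the per-port view the post asks for, as an added example that is not part of the original post: enable logging on the LAN pass rule ("Log packets that are handled by this rule"), let the filter log accumulate for a while (Status > System Logs > Firewall, or a remote syslog target), and then aggregate the filterlog lines by protocol and destination port. The script below assumes the pfSense filterlog CSV field layout (for IPv4 rows: rule number, sub-rule, anchor, tracker, interface, reason, action, direction, IP version, TOS, ECN, TTL, ID, offset, flags, protocol ID, protocol name, length, source, destination, source port, destination port, ...). The log lines and the 192.168.1.0/24 internal range are constructed for the example; verify the field order against a line from your own filter log before trusting the counts.

```python
"""Summarise outbound destination-port usage from pfSense filterlog lines.

Added example, not from the original post. Assumes the pfSense filterlog
CSV layout; field positions are documented in the parser below.
"""
import csv
import ipaddress
import sys
from collections import defaultdict

# Constructed sample lines in the shape filterlog writes to /var/log/filter.log.
# igb1 is assumed to be the LAN interface (LAN rules log as direction "in");
# the igb0 line is an unrelated WAN hit that must not be counted as outbound.
SAMPLE_LOG = """\
Mar  1 10:00:01 pfsense filterlog[1234]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,1001,0,DF,6,tcp,60,192.168.1.10,203.0.113.5,51234,443,0,S,1:1,,,
Mar  1 10:00:02 pfsense filterlog[1234]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,1002,0,DF,6,tcp,60,192.168.1.11,203.0.113.5,51235,443,0,S,1:1,,,
Mar  1 10:00:03 pfsense filterlog[1234]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,1003,0,DF,6,tcp,60,192.168.1.10,198.51.100.20,51236,80,0,S,1:1,,,
Mar  1 10:00:04 pfsense filterlog[1234]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,1004,0,none,17,udp,76,192.168.1.12,198.51.100.53,50001,53,56
Mar  1 10:00:05 pfsense filterlog[1234]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,1005,0,DF,6,tcp,60,192.168.1.13,203.0.113.77,51237,8443,0,S,1:1,,,
Mar  1 10:00:06 pfsense filterlog[1234]: 7,,,1000000201,igb0,match,block,in,4,0x0,,52,1006,0,DF,6,tcp,60,203.0.113.9,198.51.100.1,4000,22,0,S,1:1,,,
Mar  1 10:00:07 pfsense filterlog[1234]: 5,,,1000000103,igb1,match,pass,in,4,0x0,,64,1007,0,none,1,icmp,84,192.168.1.10,203.0.113.5,request,1,1
"""


def parse_filterlog_line(line):
    """Return a dict for one TCP/UDP filterlog entry, or None for anything else.

    IPv4 rows: fields[16]=proto name, [17]=length, [18]=src, [19]=dst, [20]=sport, [21]=dport.
    IPv6 rows: fields[12]=proto name, [14]=length, [15]=src, [16]=dst, [17]=sport, [18]=dport.
    """
    pos = line.find("filterlog")
    if pos < 0:
        return None
    start = line.find(": ", pos)          # CSV payload begins after "filterlog[pid]: "
    if start < 0:
        return None
    fields = next(csv.reader([line[start + 2:]]))
    try:
        if fields[8] == "4":
            proto, length, src, dst, rest = fields[16], fields[17], fields[18], fields[19], fields[20:]
        elif fields[8] == "6":
            proto, length, src, dst, rest = fields[12], fields[14], fields[15], fields[16], fields[17:]
        else:
            return None
        if proto not in ("tcp", "udp"):  # ICMP etc. carry no ports; skip them here
            return None
        return {
            "iface": fields[4], "action": fields[6], "direction": fields[7],
            "proto": proto, "bytes": int(length), "src": src, "dst": dst,
            "sport": int(rest[0]), "dport": int(rest[1]),
        }
    except (IndexError, ValueError):
        return None


def summarize_outbound(lines, internal_net, allowed_ports=(80, 443)):
    """Aggregate LAN->outside packets by (proto, dport); flag ports not in allowed_ports.

    Returns (totals, unexpected): totals maps (proto, dport) to packet/byte counts,
    unexpected maps (proto, dport, dst_ip) to a hit count for follow-up investigation.
    """
    net = ipaddress.ip_network(internal_net)
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0})
    unexpected = defaultdict(int)
    for line in lines:
        rec = parse_filterlog_line(line)
        if rec is None:
            continue
        try:
            src, dst = ipaddress.ip_address(rec["src"]), ipaddress.ip_address(rec["dst"])
        except ValueError:
            continue
        # "Outbound" is defined by addresses, not by pf's direction field, because
        # LAN-initiated traffic is logged as direction "in" on the LAN interface.
        if src not in net or dst in net:
            continue
        key = (rec["proto"], rec["dport"])
        totals[key]["packets"] += 1
        totals[key]["bytes"] += rec["bytes"]
        if rec["dport"] not in allowed_ports:
            unexpected[(rec["proto"], rec["dport"], rec["dst"])] += 1
    return dict(totals), dict(unexpected)


def format_report(totals, unexpected):
    """Render the two summaries as plain text, busiest ports first."""
    out = ["proto  dport  packets  bytes"]
    for (proto, port), c in sorted(totals.items(), key=lambda kv: -kv[1]["packets"]):
        out.append(f"{proto:<6} {port:<6} {c['packets']:<8} {c['bytes']}")
    out.append("\nnon-80/443 destinations to investigate:")
    for (proto, port, dst), hits in sorted(unexpected.items()):
        out.append(f"  {proto}/{port} -> {dst}  ({hits} hits)")
    return "\n".join(out)


if __name__ == "__main__":
    # Usage: python summarize_ports.py [/path/to/filter.log] [internal_cidr]
    src_lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    cidr = sys.argv[2] if len(sys.argv) > 2 else "192.168.1.0/24"
    print(format_report(*summarize_outbound(src_lines, cidr)))
```

Run it against a copy of the filter log (or the syslog file on a collector) with your own internal CIDR as the second argument; anything that shows up under the "to investigate" heading is a candidate for either an explicit allow rule or a closer look before the deny-all rule goes live.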