Bug #12588
closed
Automatic rule tracker IDs incorrect after multiple filter reloads
Start date:
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
22.01
Release Notes:
Default
Affected Version:
2.6.0
Affected Architecture:
All
Description
In some circumstances the generated ruleset is created with unexpected tracker ID values at boot.
The values seen vary by install but are consistent across a reboot. For example:
#---------------------------------------------------------------------------
# default deny rules
#---------------------------------------------------------------------------
block in log inet all ridentifier 1000104531 label "Default deny rule IPv4"
block out log inet all ridentifier 1000104532 label "Default deny rule IPv4"
block in log inet6 all ridentifier 1000104533 label "Default deny rule IPv6"
block out log inet6 all ridentifier 1000104534 label "Default deny rule IPv6"
After a filter reload the ruleset uses expected values:
#---------------------------------------------------------------------------
# default deny rules
#---------------------------------------------------------------------------
block in log inet all ridentifier 1000000101 label "Default deny rule IPv4"
block out log inet all ridentifier 1000000102 label "Default deny rule IPv4"
block in log inet6 all ridentifier 1000000103 label "Default deny rule IPv6"
block out log inet6 all ridentifier 1000000104 label "Default deny rule IPv6"
This can result in firewall log entries being mislabelled or labelled unexpectedly.
Tested:
2.6.0-DEVELOPMENT (amd64) built on Mon Dec 13 20:27:39 UTC 2021 FreeBSD 12.3-STABLE
I have replicated this in 22.01 and 2.5.2/21.05.2 as well as older versions.
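One way to check an install for this drift, as an added example that is not part of the original report or of pfSense's own code: compare two dumps of the generated ruleset and list every rule whose tracker ID differs between them. The function names and the last rule in each sample are constructed for illustration; the default deny rules are the ones quoted in the report.

```python
import re

# Tracker ID token as it appears in the rulesets quoted in the report.
ID_RE = re.compile(r'\bridentifier\s+(\d+)\s*')

def parse_trackers(ruleset):
    """Map each rule (with its tracker ID stripped out) to that tracker ID."""
    trackers = {}
    for line in ruleset.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment banners
        m = ID_RE.search(line)
        if m:
            # Key on the whole rule minus its ID: labels alone are not unique
            # (the in/out deny rules share one label).
            trackers[ID_RE.sub("", line)] = int(m.group(1))
    return trackers

def tracker_drift(before, after):
    """Return (rule, id_before, id_after) for rules whose ID changed."""
    a, b = parse_trackers(before), parse_trackers(after)
    return sorted((r, a[r], b[r]) for r in a.keys() & b.keys() if a[r] != b[r])

# Ruleset as generated at boot (deny rules from the report, last rule constructed).
AT_BOOT = '''
# default deny rules
block in log inet all ridentifier 1000104531 label "Default deny rule IPv4"
block out log inet all ridentifier 1000104532 label "Default deny rule IPv4"
block in log inet6 all ridentifier 1000104533 label "Default deny rule IPv6"
block out log inet6 all ridentifier 1000104534 label "Default deny rule IPv6"
pass out inet all ridentifier 1000009999 label "constructed example rule"
'''

# Ruleset after a filter reload (deny rules from the report, last rule constructed).
AFTER_RELOAD = '''
# default deny rules
block in log inet all ridentifier 1000000101 label "Default deny rule IPv4"
block out log inet all ridentifier 1000000102 label "Default deny rule IPv4"
block in log inet6 all ridentifier 1000000103 label "Default deny rule IPv6"
block out log inet6 all ridentifier 1000000104 label "Default deny rule IPv6"
pass out inet all ridentifier 1000009999 label "constructed example rule"
'''

if __name__ == "__main__":
    for rule, old, new in tracker_drift(AT_BOOT, AFTER_RELOAD):
        print(f"{old} -> {new}  {rule}")
```

Any rule reported here will have log entries recorded under one ID that no longer resolve to the same rule once the ruleset is regenerated.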