Regression #12977

closed

Rule descriptions in firewall logs show wrong rule label

Added by Marcos M almost 3 years ago. Updated over 2 years ago.

Status: Resolved
Priority: Normal
Category: Logging
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 22.05
Release Notes: Force Exclusion
Affected Version: 2.7.0
Affected Architecture:

Description

This was previously working on March 11th snapshot - now broken on 22.05.a.20220322.0600.

Only the default deny rule shows a rule description:

pass     Mar 22 18:55:15     LAN5     id:1637004860 (1637004860)     10.0.5.50:21190        192.0.2.3:443        TCP:S
block     Mar 22 18:55:13     WAN2     Default deny rule IPv4 (1000000103)     151.101.x.x:443        172.21.96.1:63396        TCP:FPA
block     Mar 22 18:55:11     WAN2     Default deny rule IPv4 (1000000103)     31.13.x.x:443        172.21.96.1:56457        TCP:FPA 


Related issues

Related to Regression #13155: Rule labels in pftop output are not correct (Resolved; Jim Pingle)

Actions #1

Updated by Marcos M almost 3 years ago

  • Affected Version set to 2.7.0
Actions #2

Updated by Jim Pingle almost 3 years ago

  • Tracker changed from Bug to Regression
  • Subject changed from Rule descriptions in firewall logs are broken to Rule descriptions in firewall logs show wrong rule label
  • Assignee set to Reid Linnemann
  • Target version set to 2.7.0
  • Plus Target Version set to 22.05

This is a known issue at the moment. It's a side effect of #12092 and the fact that the methods we use to get the rule data from pf don't return all the labels yet, only the first label on the rule. Reid had run into this already when working on associating rules with state data and it's part of what he's working on.

Actions #3

Updated by Reid Linnemann over 2 years ago

I did run into this, and I'm spending some time plumbing things through libpfctl to the pfSense php module. This will be a good time to expose all of the rule labels as well, I'm thinking preferably as an associative list rather than an array keyed by the prefix that identifies the label type.

Actions #4

Updated by Jim Pingle over 2 years ago

The rule description for the logs (and perhaps states if that pans out) should always be the last label on the rule. The user rules have a prefix ("USER_RULE") but the internal rules do not. The other prefixes like "id:", "gw:", "s:" are just things we've made up to make finding the right label easier.
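
The selection rule from the comment above, together with a check for the symptom shown in the issue description, as an added example that is not part of the thread and not pfSense code. The function names, the label list and its "USER_RULE: ..." text are constructed for illustration; the three log rows are the ones quoted in the description.

```python
import re

# Prefixes the thread describes as lookup helpers rather than descriptions.
LOOKUP_PREFIXES = ("id:", "gw:", "s:")

def is_lookup_label(label):
    return label.startswith(LOOKUP_PREFIXES)

def description_from_labels(labels):
    """Per the thread: the description is always the last label on the rule."""
    if not labels or is_lookup_label(labels[-1]):
        return None  # the rule carries no description label
    return labels[-1]

# Rule column as rendered in the log view: "<text> (<tracker id>)".
RULE_COL = re.compile(r"^(?P<text>.*) \((?P<tracker>\d+)\)$")

def mislabeled_rows(rendered_log):
    """Return (line_no, tracker, text) for rows whose rule column shows a
    lookup label where a description was expected."""
    hits = []
    for n, line in enumerate(rendered_log.splitlines(), 1):
        cols = re.split(r"\s{2,}", line.strip())  # columns are space-padded
        if len(cols) < 7:
            continue
        m = RULE_COL.match(cols[3])
        if m and is_lookup_label(m["text"]):
            hits.append((n, m["tracker"], m["text"]))
    return hits

# The three rows quoted in the issue description.
SAMPLE = """\
pass     Mar 22 18:55:15     LAN5     id:1637004860 (1637004860)     10.0.5.50:21190        192.0.2.3:443        TCP:S
block     Mar 22 18:55:13     WAN2     Default deny rule IPv4 (1000000103)     151.101.x.x:443        172.21.96.1:63396        TCP:FPA
block     Mar 22 18:55:11     WAN2     Default deny rule IPv4 (1000000103)     31.13.x.x:443        172.21.96.1:56457        TCP:FPA
"""

# Constructed label list for a user rule; order and description text are assumed.
LABELS = ["id:1637004860", "USER_RULE: Allow LAN5 to any"]

if __name__ == "__main__":
    print("first label (regressed view):", LABELS[0])
    print("last label (description):    ", description_from_labels(LABELS))
    for hit in mislabeled_rows(SAMPLE):
        print("mislabeled row:", hit)
```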

Actions #5

Updated by Reid Linnemann over 2 years ago

  • Status changed from New to Resolved
Actions #6

Updated by Jim Pingle over 2 years ago

  • Release Notes changed from Default to Force Exclusion
Actions #7

Updated by Jim Pingle over 2 years ago
