Regression #12977
closed
Rule descriptions in firewall logs show wrong rule label
0%
Description
This was previously working on March 11th snapshot - now broken on 22.05.a.20220322.0600.
Only the default deny rule shows a rule description:
pass Mar 22 18:55:15 LAN5 id:1637004860 (1637004860) 10.0.5.50:21190 192.0.2.3:443 TCP:S block Mar 22 18:55:13 WAN2 Default deny rule IPv4 (1000000103) 151.101.x.x:443 172.21.96.1:63396 TCP:FPA block Mar 22 18:55:11 WAN2 Default deny rule IPv4 (1000000103) 31.13.x.x:443 172.21.96.1:56457 TCP:FPA
Related issues
Updated by
Updated by Jim Pingle about 2 years ago
- Tracker changed from Bug to Regression
- Subject changed from Rule descriptions in firewall logs are broken to Rule descriptions in firewall logs show wrong rule label
- Assignee set to Reid Linnemann
- Target version set to 2.7.0
- Plus Target Version set to 22.05
This is a known issue at the moment. It's a side effect of #12092 and the fact that the methods we use to get the rule data from pf don't return all the labels yet, only the first label on the rule. Reid had run into this already when working on associating rules with state data and it's part of what he's working on.
Updated by Reid Linnemann about 2 years ago
I did run into this, and I'm spending some time plumbing things through libpfctl to the pfSense php module. This will be a good time to expose all of the rule labels as well, I'm thinking preferably as an associative list rather than an array keyed by the prefix that identifies the label type.
Updated by Jim Pingle about 2 years ago
The rule description for the logs (and perhaps states if that pans out) should always be the last label on the rule. The user rules have a prefix ("USER_RULE") but the internal rules do not. The other prefixes like "id:", "gw:", "s:" are just things we've made up to make finding the right label easier.
Updated by Reid Linnemann almost 2 years ago
- Status changed from New to Resolved
Updated by Jim Pingle almost 2 years ago
- Release Notes changed from Default to Force Exclusion
Updated by Jim Pingle almost 2 years ago
- Related to Regression #13155: Rule labels in pftop output are not correct added