Regression #12977
closed
Rule descriptions in firewall logs show wrong rule label
Added by Marcos M over 2 years ago.
Updated over 2 years ago.
Plus Target Version: 22.05
Release Notes: Force Exclusion
Description
This was previously working on the March 11th snapshot - now broken on 22.05.a.20220322.0600.
Only the default deny rule shows a rule description:
pass Mar 22 18:55:15 LAN5 id:1637004860 (1637004860) 10.0.5.50:21190 192.0.2.3:443 TCP:S
block Mar 22 18:55:13 WAN2 Default deny rule IPv4 (1000000103) 151.101.x.x:443 172.21.96.1:63396 TCP:FPA
block Mar 22 18:55:11 WAN2 Default deny rule IPv4 (1000000103) 31.13.x.x:443 172.21.96.1:56457 TCP:FPA
- Affected Version set to 2.7.0
- Tracker changed from Bug to Regression
- Subject changed from Rule descriptions in firewall logs are broken to Rule descriptions in firewall logs show wrong rule label
- Assignee set to Reid Linnemann
- Target version set to 2.7.0
- Plus Target Version set to 22.05
This is a known issue at the moment. It's a side effect of #12092 and the fact that the methods we use to get the rule data from pf don't return all the labels yet, only the first label on the rule. Reid had run into this already when working on associating rules with state data and it's part of what he's working on.
I did run into this, and I'm spending some time plumbing things through libpfctl to the pfSense php module. This will be a good time to expose all of the rule labels as well, I'm thinking preferably as an associative list rather than an array keyed by the prefix that identifies the label type.
The rule description for the logs (and perhaps states if that pans out) should always be the last label on the rule. The user rules have a prefix ("USER_RULE") but the internal rules do not. The other prefixes like "id:", "gw:", "s:" are just things we've made up to make finding the right label easier.
- Status changed from New to Resolved
- Release Notes changed from Default to Force Exclusion
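The symptom in the report follows from the first-label behaviour described in the comments: a user rule's first label is an "id:" helper, while an internal rule's only label is its description. The sketch below is an added example, not pfSense or libpfctl code; the label ordering, the "USER_RULE: " separator, the sample description text and all function names are assumptions made for illustration.

```python
# Added illustration; label layout is inferred from the thread, not from pfSense source.
KNOWN_PREFIXES = ("id:", "gw:", "s:")  # helper prefixes named in the thread
USER_PREFIX = "USER_RULE"              # user-rule prefix named in the thread


def classify(label):
    """Return (kind, value) for one pf rule label."""
    for prefix in KNOWN_PREFIXES:
        if label.startswith(prefix):
            return prefix.rstrip(":"), label[len(prefix):]
    if label.startswith(USER_PREFIX):
        # Assumption: the prefix is followed by ':' and optional spaces.
        return "user", label[len(USER_PREFIX):].lstrip(": ")
    return "internal", label


def description_first_label(labels):
    """Behaviour when only the first label is returned (the regression)."""
    return labels[0] if labels else ""


def description_last_label(labels):
    """Intended behaviour: the description is always the last label."""
    if not labels:
        return ""
    kind, value = classify(labels[-1])
    # Assumption: a trailing helper label means the rule carries no description.
    return value if kind in ("user", "internal") else ""


# Constructed sample rules; the tracker ids match the log excerpt in the report.
RULES = {
    "1637004860": ["id:1637004860", "USER_RULE: Allow LAN5 to internet"],
    "1000000103": ["Default deny rule IPv4"],
}

if __name__ == "__main__":
    for tracker, labels in RULES.items():
        print(tracker,
              repr(description_first_label(labels)),
              repr(description_last_label(labels)))
```

With first-label selection the user rule is logged as "id:1637004860" and only the default deny rule keeps a readable description, which is the output shown in the report.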