Regression #16575
closed
Firewall logs do not match PF rules with rule number ``0``
100%
Description
Filter log lines can have a rule number of "0" (first value):
0,846,,1683152017,igb0,match,block,in,4,0x28,,43,36802,0,none,6,tcp,40,10.10.40.15,172.25.0.1,42385,2375,0,S,2985861600,,65535,,
The firewall logs WebGUI pages do not parse these correctly resulting in "Matched Rule: unavailable" when hovering over the action icon.
Files
| pre-patch.jpg (108 KB) pre-patch.jpg | |||
| post-patch.jpg (117 KB) post-patch.jpg | |||
| raw_log.txt (374 Bytes) raw_log.txt |
Updated by Marcos M about 1 month ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 6c00e3c78c4119b729aa5ecfe01e2a26d38505a3.
Updated by Georgiy Tyutyunnik about 1 month ago
- File pre-patch.jpg pre-patch.jpg added
- File post-patch.jpg post-patch.jpg added
- File raw_log.txt raw_log.txt added
patch doesn't fix the issue
firewall logs are recording dropped ipv6 MLDv2 packets processed under rule 0, patch changes GUI presentation but still "rule unavailable" in the pop-up.
patch tested on:
25.11-RELEASE (amd64)
built on Mon Dec 1 17:59:00 UTC 2025
FreeBSD 16.0-CURRENT
Updated by Marcos M about 1 month ago
- Description updated (diff)
- Status changed from Feedback to Resolved
The screenshot shows it working. The rule ID shown in the "post-patch" screenshot is the default ID used when a packet is dropped without a matching rule in the ruleset (e.g. due to a short packet error, IP option, etc.).
Updated by Jim Pingle about 23 hours ago
- Plus Target Version changed from 26.03 to 25.11.1
Updated by Jim Pingle about 19 hours ago
- Subject changed from Firewall logs do not match pf rules with rule number ``0`` to Firewall logs do not match PF rules with rule number ``0``