Actions
Bug #2122
closedTodo #2109: pfSense on FreeBSD 10.x
pf log output slightly different in FreeBSD 10
Start date:
01/20/2012
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2
Affected Architecture:
Description
We can collect any issues we find with pf log output being different on FreeBSD 9 here, and the fallout.
First:
The rule number in the log file is showing up differently than it used to:
Jan 20 19:16:37 pfSense pf: 00:00:01.019773 rule 1..16777216/0(match): block in on ovpnc1: (tos 0x0, ttl 64, id 31861, offset 0, flags [none], proto ICMP (1), length 84) Jan 20 19:16:37 pfSense pf: 10.0.97.1 > 192.168.18.1: ICMP echo request, id 60625, seq 9, length 64
I'm not sure what the 1..16777216/0 is supposed to indicate, but the rule that blocked that traffic was:
@64 block drop in quick on em0 reply-to (em0 192.168.197.2) inet proto icmp all label "USER_RULE: block ping" [ Evaluations: 20 Packets: 1 Bytes: 60 States: 0 ] [ Inserted: uid 0 pid 63203 State Creations: 0 ]
(also not sure why block got a reply-to, but that's probably unrelated)
Updated by Jim Pingle almost 13 years ago
For the above, when the solution is found, the code to get the rule number is in /etc/inc/filter_log.inc in find_rule_by_number().
We may also want to revisit #1938 and try to collapse the log output into single lines instead of the way pf breaks them up.
Updated by Jim Pingle almost 13 years ago
- Target version changed from 2.1 to 2.2
Updated by Chris Buechler over 12 years ago
- Affected Version changed from 2.1 to 2.2
Updated by Renato Botelho about 11 years ago
- Subject changed from pf log output slightly different in FreeBSD 9 to pf log output slightly different in FreeBSD 10
Updated by Ermal Luçi over 10 years ago
- Status changed from New to Closed
A different implementation has been performed to not depend on this anymore.
Actions