Bug #4651
Policy route negation rules receive the same tracker ID as the rule they are based upon, which confuses the log parser
Status:
closed
Start date:
04/23/2015
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2
Affected Architecture:
All
Description
If the policy route negation rules are active, the automatic negation rule receives the same tracker ID as the rule it is based upon:
pass in quick on $LAN inet proto tcp from any to <negate_networks> tracker 1429792471 flags S/SA keep state label "NEGATE_ROUTE: Negate policy routing for destination"
pass in quick on $LAN $GWttest inet proto tcp from any to any tracker 1429792471 flags S/SA keep state label "USER_RULE: negate check test"
Because the negation rule carries the same tracker ID and comes first in the ruleset, when logging is enabled the log parser resolves the ID to the negation rule, so the logs show the negate rule as passing the traffic when that is not the case.
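As an added illustration (not code from the bug report or from pfSense), a small Python check that parses the two rules quoted above, resolves a tracker ID to a rule label the way a first-match log lookup would, and flags any tracker ID shared by more than one rule. The rule text is the page's own; the first-match lookup behaviour is an assumption about the log parser.

```python
import re
from collections import defaultdict

# Constructed sample: the two rules quoted in the bug report, not a live ruleset.
RULESET = """\
pass in quick on $LAN inet proto tcp from any to <negate_networks> tracker 1429792471 flags S/SA keep state label "NEGATE_ROUTE: Negate policy routing for destination"
pass in quick on $LAN $GWttest inet proto tcp from any to any tracker 1429792471 flags S/SA keep state label "USER_RULE: negate check test"
"""

# Extract the tracker ID and the quoted label from one pf rule line.
RULE_RE = re.compile(r'tracker\s+(\d+).*?label\s+"([^"]*)"')


def parse_rules(text):
    """Return (tracker_id, label) tuples in ruleset order."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if m:
            rules.append((m.group(1), m.group(2)))
    return rules


def tracker_index(rules):
    """Map tracker ID -> label with first match winning (assumed parser behaviour).

    With duplicate IDs this lookup silently attributes every hit to the
    first rule in the ruleset, which is the mis-attribution the bug describes."""
    index = {}
    for tid, label in rules:
        index.setdefault(tid, label)
    return index


def duplicate_trackers(rules):
    """Return {tracker_id: [labels]} for every ID used by more than one rule.

    Running this over a generated ruleset catches the collision before
    any log line has to be interpreted."""
    seen = defaultdict(list)
    for tid, label in rules:
        seen[tid].append(label)
    return {tid: labels for tid, labels in seen.items() if len(labels) > 1}


def resolve(rules, tracker_id):
    """Resolve a tracker ID from a log entry to a rule label, or None if unknown."""
    return tracker_index(rules).get(str(tracker_id))
```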