Erroneous port shown in firewall log details when using port alias
When using Port aliases, in the firewall log, when clicking on 'action' the triggering port seems to always be the first of the list.
As for the images, the triggering port is the 21, the port shown in 'detail' is 1001
the port list goes something like: 1001, 21, ...
#1 Updated by Jim Pingle 5 months ago
That's a side effect of how pf parses and reports the rules.
We write out the rule just once with a tracking ID in rules.debug, pf parses it and internally makes three separate rules, all with the same tracking ID.
It might be possible to fuss with the matching to make it print the expected port number there but I'm not certain it would be worth the effort.