Bug #9140

open

Unexpected rule can be displayed when looking up filter log entry with multiple matching rules

Added by S P about 6 years ago. Updated over 5 years ago.

Status: New
Priority: Very Low
Assignee: -
Category: Logging
Target version: -
Start date: 11/20/2018
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.4.x
Affected Architecture:

Description

When using Port aliases, in the firewall log, when clicking on 'action' the triggering port seems to always be the first of the list.

As shown in the images, the triggering port is 21, while the port shown in 'detail' is 1001.
The port list goes something like: 1001, 21, ...

Files

log.png (4.1 KB), S P, 11/20/2018 07:43 AM
detail.png (10.1 KB), S P, 11/20/2018 07:43 AM

Actions #1

Updated by Jim Pingle about 6 years ago

That's a side effect of how pf parses and reports the rules.

We write out the rule just once with a tracking ID in rules.debug; pf parses it and internally makes three separate rules, all with the same tracking ID.

It might be possible to fuss with the matching to make it print the expected port number there but I'm not certain it would be worth the effort.

Actions #2

Updated by Jim Pingle over 5 years ago

  • Subject changed from Erroneous port shown in firewall log details when using port alias to Unexpected rule can be displayed when looking up filter log entry with multiple matching rules
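
The ambiguity described in update #1, as an added example that is not part of the original thread and is not pf or pfSense code: a small Python model of one written rule expanding into several loaded rules that share a tracking ID, with a lookup by tracking ID alone next to one that also uses the logged destination port. The tracking ID value, the third port, the rule numbers and all function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ExpandedRule:
    number: int    # position in the loaded ruleset, unique per expanded rule
    tracker: int   # tracking ID copied from the single written rule
    dst_port: int  # the one port this expanded rule matches

def expand(tracker, ports, first_number):
    """Model: one written rule with a port alias becomes one rule per port."""
    return [ExpandedRule(first_number + i, tracker, p) for i, p in enumerate(ports)]

def lookup_by_tracker(ruleset, tracker):
    """Ambiguous lookup: first rule carrying the tracking ID wins."""
    return next((r for r in ruleset if r.tracker == tracker), None)

def lookup_for_entry(ruleset, entry):
    """Among rules sharing the tracking ID, prefer the one whose port equals
    the logged destination port; fall back to the first candidate."""
    candidates = [r for r in ruleset if r.tracker == entry["tracker"]]
    for rule in candidates:
        if rule.dst_port == entry["dst_port"]:
            return rule
    return candidates[0] if candidates else None

def ambiguous_trackers(ruleset):
    """Tracking IDs shared by more than one loaded rule (lookup is unreliable)."""
    counts = {}
    for rule in ruleset:
        counts[rule.tracker] = counts.get(rule.tracker, 0) + 1
    return sorted(t for t, n in counts.items() if n > 1)

# Constructed sample: alias order 1001, 21 as in the report; 8080 and the
# tracking ID 1542700000 are placeholders, not values from the ticket.
RULESET = expand(tracker=1542700000, ports=[1001, 21, 8080], first_number=70)
ENTRY = {"tracker": 1542700000, "dst_port": 21}  # constructed log entry

if __name__ == "__main__":
    print("tracker only   :", lookup_by_tracker(RULESET, ENTRY["tracker"]))
    print("tracker + port :", lookup_for_entry(RULESET, ENTRY))
    print("shared trackers:", ambiguous_trackers(RULESET))
```

When reviewing logs against a ruleset built this way, treat the rule shown for a shared tracking ID as "one of the rules generated from this entry" and confirm the port from the log line itself.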