Netgate Discussion Forum

    tracking ID 1000058313

    • philippe richard

      Hello to all the community,
      Does anyone know what rule this tracking ID 1000058313 corresponds to?
      It doesn't match any of my rules.

      Thanks

      • johnpoz (LAYER 8 Global Moderator) @philippe richard

        @philippe-richard said in tracking ID 1000058313:

        1000058313

        You prob want to look at your full ruleset

        https://docs.netgate.com/pfsense/en/latest/firewall/pf-ruleset.html#viewing-the-pf-ruleset

        pfctl -sa

        Should list the ids so you could see which specific rule.

        Where exactly are you seeing that? It could also be an old rule - if you're seeing that in your firewall log?

        So as an example, I just created some rule so I could see it in the logs

        seeid.jpg

        But after I remove the rule, it is still in the log, but notice it doesn't say user_rule on it any more and just lists the id, and if I look through the ruleset it's not listed any more

        deleterule.jpg

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

        • philippe richard @johnpoz

          @johnpoz
          Hello, and sorry for the late response.
          I don't use the log display in pfSense but in my log server.
          Another example of an ID that doesn't match any of my rules:
          2022-08-30T06:55:12.927401+11:00 pfsense1.univ-nc.nc filterlog[27716] 437,,,1000057263,ix0,match,pass,out,4,0x0,,63,26829,0,none ,1,icmp,96,192.168.xx.xx,10.xx.xx.xx,request,8838,076
          This is the display of the logs in my rsyslog server.
          The rule 1000057263 does not exist.
          A pfctl -sa | grep 1000057263 gives me this answer, which I don't understand; excuse me for my nonsense.
          "pass out log inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself" ridentifier 1000057263"
          What does it mean?
          Thank you for your help

          • johnpoz (LAYER 8 Global Moderator) @philippe richard

            @philippe-richard said in tracking ID 1000058313:

            "let out anything IPv4 from firewall host itself"

            That is the rule that makes sure it can check for updates and the like, and that services like unbound, etc. can get out.

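The lookup worked through in the posts above, as an added shell example that is not from either poster or from Netgate: it takes the tracking ID from the fourth comma-separated field of a raw filterlog line and finds the rule with the same ridentifier in a saved copy of the pfctl -sa output. The function names and the first rule line are constructed for illustration; the log line and the matching rule are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: map a filterlog tracking ID to the pf rule that carries it.

# Log line and second rule line are the ones quoted in this thread; the first
# rule line is constructed so the lookup has a non-matching rule to skip.
SAMPLE_LOG='2022-08-30T06:55:12.927401+11:00 pfsense1.univ-nc.nc filterlog[27716] 437,,,1000057263,ix0,match,pass,out,4,0x0,,63,26829,0,none ,1,icmp,96,192.168.xx.xx,10.xx.xx.xx,request,8838,076'
SAMPLE_RULES='pass in quick on ix1 inet proto tcp from any to any port = 443 flags S/SA keep state label "USER_RULE: constructed example" ridentifier 1660000000
pass out log inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself" ridentifier 1000057263'

# tracker_of LINE: strip the syslog header, then print the 4th CSV field
# (rule number, sub-rule, anchor, tracker, interface, ...). Prints nothing
# for lines that are not filterlog records.
tracker_of() {
    printf '%s\n' "$1" |
        sed -n 's/^.*filterlog[^ ]* //p' |
        awk -F, '$4 ~ /^[0-9]+$/ { print $4 }'
}

# label_of ID RULES_FILE: print the label of the rule whose ridentifier is ID,
# or "(no live rule)" when the ID only survives in old log entries, as happens
# after a rule has been deleted.
label_of() {
    awk -v id="$1" '
        $(NF-1) == "ridentifier" && $NF == id {
            if (match($0, /label "[^"]*"/))
                print substr($0, RSTART + 7, RLENGTH - 8)
            found = 1
        }
        END { if (!found) print "(no live rule)" }' "$2"
}

# explain LINE: resolve one log line against the embedded sample ruleset.
explain() {
    rules=$(mktemp)
    printf '%s\n' "$SAMPLE_RULES" > "$rules"
    id=$(tracker_of "$1")
    printf '%s: %s\n' "$id" "$(label_of "$id" "$rules")"
    rm -f "$rules"
}

explain "$SAMPLE_LOG"
```

On the firewall itself, redirect the output of pfctl -sa to a file and pass that file to label_of in place of the embedded sample.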
            • philippe richard @johnpoz

              @johnpoz Thank you John.

              • philippe richard @johnpoz

                @johnpoz I don't understand why port 514 goes from all my vlans if there are no rules for that.

                • johnpoz (LAYER 8 Global Moderator) @philippe richard

                  @philippe-richard 514 is syslog, so where are you sending your remote logs? It shouldn't go out all interfaces - just the interface to get to your syslog server

                  • philippe richard @johnpoz

                    @johnpoz said in tracking ID 1000058313:

                    514 is syslog so where are you sending your remote logs, it shouldn't go out all interfaces - just the interface to get to your syslog server
                    Yes, exactly, in my Remote Logging Option configuration, a vlan is chosen in the "source Address" field and I have two "remote log servers" which are in the same vlan as "source Address".
