Netgate Discussion Forum

    No states show up when filtering by TrackerID

    General pfSense Questions

      michmoor LAYER 8 Rebel Alliance

      Under Diagnostics / States / States
      When I put in the RuleID of a firewall rule that has states and search for the states matching the rule, nothing comes up. See below.
      I am on pfSense 23.09.1.
      Am I doing this correctly?

      [3 images]

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

        pst @michmoor

        @michmoor said in No states show up when filtering by TrackerID:

        Am I doing this correctly?

        I think the Tracking Id and Rule Id are two different things. If you hover over the states information in the firewall rule, it shows the link to the diag_dump_states which uses the Rule Id, whereas the pop-up window shows the Tracking Id.

          michmoor LAYER 8 Rebel Alliance @pst

          @pst
          It's the same ID

          [image]

          Are you seeing the same issue when searching for states matching the id?

            pst @michmoor

            @michmoor it's not the same for me:

            [image]

              michmoor LAYER 8 Rebel Alliance @pst

              @pst Ohhhhhhhhh
              In the URL that comes up at the bottom.
              Do you know if that shows up anywhere in the GUI that's easier to spot?

                pst @michmoor

                @michmoor sorry I have no idea. Just thought I'd share my findings as I did the same head-scratcher a while back. Hopefully someone else can explain the mapping between the two Ids.

                  michmoor LAYER 8 Rebel Alliance @pst

                  @pst That's a nice catch. I would've never known to look there.
                  Thanks so much!

                    stephenw10 Netgate Administrator

                    You can just click on that link to get the correctly filtered state table.

                      michmoor LAYER 8 Rebel Alliance @stephenw10

                      @stephenw10
                      True, that works.
                      So the "issue" is that if you happen to go straight into the Diag / States menu, there is no logical way to know what the Rule ID would be unless you go to the Firewall rules and click on the link. To me there is no visual difference to know that Rule ID and Tracker ID are different things. This is more of a discoverability problem.
                      At the very least the Diag screen should give a hint as to where to find Rule ID - a blue info icon maybe?

                      Then there is the other piece of filtering. If I put in the Rule ID I can only filter individual states, whereas in my filter expression if I put in an IP address I can kill all states for that IP. Is there a reason for the discrepancy?

                        stephenw10 Netgate Administrator

                        It's the pf rule number. So you can see it in Diag > pftop, 'rules' view. Or the output of pfctl -vvsr.

                          stephenw10 Netgate Administrator

                          Killing states by ruleID, or lack thereof, is probably a legacy option. pfctl has been extended a lot since pfSense was released.

                          Or it could be that the ruleID field itself is quite new. That used to be hidden so killing states by it would have been confusing at best.

                          It looks like pfctl can kill states by ruleID now so that could be a feature request.
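
Added example, not part of the thread and not Netgate's code: a shell lookup that maps a Tracking ID to the pf rule numbers shown by `pfctl -vvsr`, then lists the states that `pfctl -vvss` attributes to those rule numbers. The `ridentifier <id>` keyword on rule lines and the `rule <number>` field in the state detail are assumed output formats, and the sample rules and states are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed pfctl output formats:
#   pfctl -vvsr: "@<rule number> <rule text> ... ridentifier <Tracking ID>"
#   pfctl -vvss: state line, then indented detail lines with ", rule <number>"

# Print each pf rule number carrying the given Tracking ID (stdin: pfctl -vvsr).
# One Tracking ID can sit on several pf rules, so every match is printed.
rule_numbers_for_tracker() {
    awk -v t="$1" '/^@[0-9]+/ {
        num = $1; sub(/^@/, "", num); sub(/[^0-9].*$/, "", num)
        for (i = 2; i < NF; i++)
            if ($i == "ridentifier" && $(i + 1) == t) print num
    }'
}

# Print the state lines created by the given pf rule number (stdin: pfctl -vvss).
states_for_rule() {
    awk -v r="$1" '
        /^[^ \t]/ { state = $0; next }   # unindented line starts a new state
        { for (i = 1; i < NF; i++) {
              v = $(i + 1); sub(/,$/, "", v)   # value may be followed by a comma
              if ($i == "rule" && v == r) print state
          } }'
}

# Constructed sample data standing in for the two pfctl commands.
sample_rules() { cat <<'EOF'
@84 pass in quick on igb1 inet proto tcp from any to any port = https flags S/SA keep state label "USER_RULE: web" ridentifier 1700000001
  [ Evaluations: 120  Packets: 450  Bytes: 61234  States: 1 ]
@85 pass in quick on igb1 inet6 proto tcp from any to any port = https flags S/SA keep state label "USER_RULE: web" ridentifier 1700000001
@86 block drop in log quick on igb1 inet all label "USER_RULE: rest" ridentifier 1700000002
EOF
}
sample_states() { cat <<'EOF'
igb1 tcp 192.168.10.20:51514 -> 203.0.113.7:443       ESTABLISHED:ESTABLISHED
   [1 + 65535] wscale 6  [1 + 65535] wscale 7
   age 00:02:11, expires in 23:59:48, 14:12 pkts, 2100:5300 bytes, rule 84
   id: 0000000000000a01 creatorid: 1a2b3c4d
igb1 udp 192.168.10.20:40000 -> 203.0.113.9:53       MULTIPLE:SINGLE
   age 00:00:05, expires in 00:00:25, 1:1 pkts, 70:120 bytes, rule 90
   id: 0000000000000a02 creatorid: 1a2b3c4d
EOF
}

# On the firewall, replace sample_rules / sample_states with the real commands.
for n in $(sample_rules | rule_numbers_for_tracker 1700000001); do
    sample_states | states_for_rule "$n"
done
```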
