Netgate Discussion Forum

    No states show up when filtering by TrackerID

      pst @michmoor

      @michmoor said in No states show up when filtering by TrackerID:

      Am I doing this correctly?

      I think the Tracking Id and Rule Id are two different things. If you hover over the states information in the firewall rule it shows the link to the diag_dump_states which uses the Rule Id whereas the pop-up window shows the Tracking Id.

        michmoor LAYER 8 Rebel Alliance @pst

        @pst
        It's the same id

        d7bbfc41-5124-40d2-8678-2b5b47246cab-image.png

        Are you seeing the same issue when searching for states matching the id?

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

          pst @michmoor

          @michmoor it's not the same for me:

          6c1aa6e1-8671-4f65-bda3-f06c45a94cf1-image.png

            michmoor LAYER 8 Rebel Alliance @pst

            @pst Ohhhhhhhhh
            In the URL that comes up at the bottom.
            Do you know if that shows up anywhere in the GUI that's easier to spot?

              pst @michmoor

              @michmoor sorry I have no idea. Just thought I'd share my findings as I did the same head-scratcher a while back. Hopefully someone else can explain the mapping between the two Ids.

                michmoor LAYER 8 Rebel Alliance @pst

                @pst That's a nice catch. I would've never known to look there.
                Thanks so much!

                  stephenw10 Netgate Administrator

                  You can just click on that link to get the correctly filtered state table.

                    michmoor LAYER 8 Rebel Alliance @stephenw10

                    @stephenw10
                    True that works.
                    So the "issue" is that if you happen to go straight into the Diag / States menu there is no logical way to know what the Rule ID would be unless you go to the Firewall rules and click on the link. To me there is no visual difference to know that Rule ID and Tracker ID are different things. This is more of a discoverability problem.
                    At the very least the Diag screen should give a hint as to where to find Rule ID - a blue info icon maybe?

                    Then there is the other piece of filtering. If I put in the Rule ID I can only filter individual states whereas in my filter expression if I put in an IP address I can kill all states for that IP. Is there a reason for the discrepancy?

                      stephenw10 Netgate Administrator

                      It's the pf rule number. So you can see it in Diag > pftop, 'rules' view. Or the output of pfctl -vvsr.

                      1 Reply Last reply Reply Quote 0
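
The mapping described in the post above, as an added example that is not part of the thread or of pfSense itself: a shell function that reads `pfctl -vvsr` output and prints the pf rule number(s) carrying a given tracker ID. It assumes rule lines start with `@<number>` and that the tracker ID follows the keyword `ridentifier` (`tracker` on older releases); the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: map a pfSense tracker ID to pf rule number(s).
# Assumption: in `pfctl -vvsr` output each rule line starts with "@<number>"
# and carries the tracker ID after "ridentifier" (or "tracker" on older releases).

# Usage: pfctl -vvsr | rule_numbers_for_tracker TRACKER_ID
rule_numbers_for_tracker() {
    awk -v want="$1" '
        /^@[0-9]+ / {
            num = substr($1, 2)                 # strip the leading "@"
            for (i = 2; i < NF; i++)
                if (($i == "ridentifier" || $i == "tracker") && $(i + 1) == want)
                    print num
        }'
}

# Constructed sample resembling pfctl -vvsr output (not captured from a real firewall).
sample_rules() {
    cat <<'EOF'
@4 block drop in log inet all label "Default deny rule IPv4" ridentifier 1000000103
  [ Evaluations: 120       Packets: 7         Bytes: 420         States: 0     ]
@85 pass in quick on igb1 inet proto tcp from any to any port = https flags S/SA keep state label "USER_RULE: allow https" ridentifier 1700000001
  [ Evaluations: 950       Packets: 4312      Bytes: 2210044     States: 12    ]
@86 pass in quick on igb1 inet6 proto tcp from any to any port = https flags S/SA keep state label "USER_RULE: allow https" ridentifier 1700000001
  [ Evaluations: 40        Packets: 0         Bytes: 0           States: 0     ]
EOF
}

# Demo on the constructed sample; the counter lines in brackets are skipped.
sample_rules | rule_numbers_for_tracker 1700000001
```

A single GUI rule can expand into several pf rules (for example IPv4 and IPv6), so one tracker ID may return more than one rule number.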
                        stephenw10 Netgate Administrator

                        Killing states by ruleID, or lack thereof, is probably a legacy option. pfctl has been extended a lot since pfSense was released.

                        Or it could be that the ruleID field itself is quite new. That used to be hidden so killing states by it would have been confusing at best.

                        It looks like pfctl can kill states by ruleID now so that could be a feature request.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.