Bug Report - Filtered Firewall Log

JonH

Using 2.4.2-RELEASE-p1 (amd64) on SG-2440
I believe following is a bug, if not my apologies:
Filter firewall log by source port 67 returns all entries that contain '67' within the port number.
That is, it will return port 18679 instead of only 67. I think this worked correctly in earlier versions of pfSense.
Attached screenshot:

![Screen Shot 2017-12-29 at 11.10.46.jpg](/public/imported_attachments/1/Screen Shot 2017-12-29 at 11.10.46.jpg)
![Screen Shot 2017-12-29 at 11.10.46.jpg_thumb](/public/imported_attachments/1/Screen Shot 2017-12-29 at 11.10.46.jpg_thumb)

strangegopher

Post bugs here: https://redmine.pfsense.org/projects/pfsense/issues/new

BBcan177

It's not a bug. The filter uses regex.

Example to match only "67":

"^67" starts with 67
"^67$" starts and ends with only 67

johnpoz

You need to understand how to use regex ;)

I only do logs of SYN packets so missing a lot of noise.. But here is example of proper use of regex.. So when I just put in 23 it going to match pretty much anything that has 23 in it.. 2323, 5623, 1423, etc. etc..

First image.. If use the correct regex for what exactly I want - just port 23.. nothing more nothing less with ^23$ then that is all you get.. See in first post there were 3 hits with hit before at 15:19:49 and hit after at 15:13:33 now in second sniff those are missing..

multiplehits.png_thumb

2323doesntmatch.png_thumb

JonH

nothing more nothing less with ^23$ then that is all you get

Thanks All. I don't recall (but my memory is getting worse) this was necessary in earlier version.
But now that I know I'm all set.