Take a good look at what's getting blocked in your log files, it's easy to break google products because of their spyware/tracking integration.

Hi Gertjan, We forward the logs in a syslog server, and then the relevant ones in a Security Information and Event Management system (SIEM), splunk based. So we can always investigate in the syslog server (no log dropped at all), but for our security needs, internal DNS requests are irrelevant and I don't want to pay to index them in splunk.

Technically, these are NOT called rule names, but descriptions instead. The description of my firewall rules (on LAN is where I'm logging) are in my firewall logs. If you've got no rules created, you'll have to make some that actually log the data. After that, if you look in Status -> System Logs -> Firewall in the Rule column it lists the rule description(s). There's also the 10 digit unique (I think) tracking ID code to make them quick to find or index. The only restriction listed for rule descriptions is max of 52 characters. Don't know anything about special characters, however. Here's some talk about some description stuff. https://forum.netgate.com/topic/92254/firewall-rule-description-length-limitation Jeff