No firewall logs in 2.5.0 snapshot



  • I don't see any firewall logs after doing a fresh install from image (restored config.xml and reinstalled packages).

    Here is the output of /var/log/filter.log

    Mar 18 11:34:36 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,8,bad-len=0,8
    Mar 18 11:34:49 router filterlog[70359]: 173,,,1770008575,igb2.101,match,block,in,0,bad-hlen=0),0
    Mar 18 11:35:11 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:35:12 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,3,bad-len=0,3
    Mar 18 11:35:12 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,9,bad-len=0,9
    Mar 18 11:35:14 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:35:15 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-hlen=4),10
    Mar 18 11:35:25 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:35:45 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,9,bad-len=0,9
    Mar 18 11:36:55 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,2,bad-hlen=0),2
    Mar 18 11:37:21 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:37:22 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:37:24 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:37:55 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,5,bad-len=0,5
    Mar 18 11:37:56 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,3,bad-len=0,3
    Mar 18 11:38:07 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,1,bad-hlen=16),1
    Mar 18 11:38:17 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,9,bad-len=0,9
    Mar 18 11:38:53 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:38:53 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:39:20 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,9,bad-len=0,9
    Mar 18 11:39:47 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,3,bad-len=0,3
    Mar 18 11:39:57 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:39:58 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:40:00 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:40:00 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-len=0,0
    Mar 18 11:40:04 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:40:11 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,9,bad-len=0,9
    Mar 18 11:40:12 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:40:14 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-len=0,10
    Mar 18 11:41:12 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,2,bad-len=0,2
    Mar 18 11:41:15 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-len=0,10
    Mar 18 11:41:26 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:41:38 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,4,bad-len=0,
    Mar 18 11:42:00 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-hlen=4),10
    Mar 18 11:42:05 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,3,bad-len=0,3
    Mar 18 11:42:12 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,2,bad-hlen=4),2
    Mar 18 11:42:18 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,12,bad-len=0,12
    Mar 18 11:42:51 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-len=0,0
    Mar 18 11:43:12 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,12,bad-hlen=4),12
    Mar 18 11:43:24 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,8,bad-len=0,8
    Mar 18 11:43:25 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-len=0,0
    Mar 18 11:43:26 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,11,bad-hlen=16),11
    Mar 18 11:43:41 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,1,bad-hlen=12),1
    Mar 18 11:43:47 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,15,bad-hlen=16),15
    Mar 18 11:44:11 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,7,bad-hlen=8),7
    Mar 18 11:44:16 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-hlen=12),10
    Mar 18 11:44:24 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,15,bad-hlen=12),15
    Mar 18 11:44:48 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,7,bad-len=0,7
    Mar 18 11:45:15 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,1,bad-len=0,1
    Mar 18 11:45:31 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,1,bad-hlen=16),1
    Mar 18 11:46:29 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,15,bad-len=0,15
    Mar 18 11:46:38 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,8,bad-len=0,8
    Mar 18 11:46:41 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,13,bad-len=0,13
    Mar 18 11:46:45 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,5,bad-len=0,5
    Mar 18 11:47:12 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-len=0,10
    Mar 18 11:47:52 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,7,bad-len=0,7
    Mar 18 11:47:53 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-len=0,10
    Mar 18 11:48:01 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,8,bad-len=0,8
    Mar 18 11:48:01 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,13,bad-len=0,13
    Mar 18 11:48:03 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-len=0,0
    Mar 18 11:48:10 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,12,bad-len=0,12
    Mar 18 11:48:30 router filterlog[70359]: 4,,,1000000103,igb3,match,block,iCLOGm��
    

  • Rebel Alliance Developer Netgate

    Can you run clog /var/log/filter.log and post that instead? You posted the binary version which may not exactly match the text version.

    There is probably something in filterlog that needs to be updated to match pf on FreeBSD 12.



  • @jimp here it is:

    Mar 18 11:36:55 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,2,bad-hlen=0),2
    Mar 18 11:37:21 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:37:22 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:37:24 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:37:55 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,5,bad-len=0,5
    Mar 18 11:37:56 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,3,bad-len=0,3
    Mar 18 11:38:07 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,1,bad-hlen=16),1
    Mar 18 11:38:17 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,9,bad-len=0,9
    Mar 18 11:38:53 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:38:53 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:39:20 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,9,bad-len=0,9
    Mar 18 11:39:47 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,3,bad-len=0,3
    Mar 18 11:39:57 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:39:58 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:40:00 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:40:00 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-len=0,0
    Mar 18 11:40:04 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:40:11 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,9,bad-len=0,9
    Mar 18 11:40:12 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:40:14 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-len=0,10
    Mar 18 11:41:12 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,2,bad-len=0,2
    Mar 18 11:41:15 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-len=0,10
    Mar 18 11:41:26 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:41:38 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,4,bad-len=0,
    Mar 18 11:42:00 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-hlen=4),10
    Mar 18 11:42:05 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,3,bad-len=0,3
    Mar 18 11:42:12 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,2,bad-hlen=4),2
    Mar 18 11:42:18 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,12,bad-len=0,12
    Mar 18 11:42:51 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-len=0,0
    Mar 18 11:43:12 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,12,bad-hlen=4),12
    Mar 18 11:43:24 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,8,bad-len=0,8
    Mar 18 11:43:25 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-len=0,0
    Mar 18 11:43:26 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,11,bad-hlen=16),11
    Mar 18 11:43:41 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,1,bad-hlen=12),1
    Mar 18 11:43:47 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,15,bad-hlen=16),15
    Mar 18 11:44:11 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,7,bad-hlen=8),7
    Mar 18 11:44:16 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-hlen=12),10
    Mar 18 11:44:24 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,15,bad-hlen=12),15
    Mar 18 11:44:48 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,7,bad-len=0,7
    Mar 18 11:45:15 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,1,bad-len=0,1
    Mar 18 11:45:31 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,1,bad-hlen=16),1
    Mar 18 11:46:29 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,15,bad-len=0,15
    Mar 18 11:46:38 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,8,bad-len=0,8
    Mar 18 11:46:41 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,13,bad-len=0,13
    Mar 18 11:46:45 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,5,bad-len=0,5
    Mar 18 11:47:12 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-len=0,10
    Mar 18 11:47:52 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,7,bad-len=0,7
    Mar 18 11:47:53 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-len=0,10
    Mar 18 11:48:01 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,8,bad-len=0,8
    Mar 18 11:48:01 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,13,bad-len=0,13
    Mar 18 11:48:03 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-len=0,0
    Mar 18 11:48:10 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,12,bad-len=0,12
    Mar 18 11:48:30 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:48:33 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:48:47 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,6,error='truncated-ip6 - 12038 bytes missing!',0x0a,0x50000,41,unknown,250,12038,c3b5:1828:6037:f498:a67f:17:6037:f498,::6002:a420:c855:0:204:550,
    Mar 18 11:48:50 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,7,bad-hlen=4),7
    Mar 18 11:49:15 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,6,truncated-ip6=36,
    Mar 18 11:49:19 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,11,bad-hlen=12),11
    Mar 18 11:49:23 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,7,bad-len=0,7
    Mar 18 11:49:32 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,8,bad-len=0,8
    Mar 18 11:49:37 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:50:00 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,2,bad-len=0,2
    Mar 18 11:50:05 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,3,bad-len=0,3
    Mar 18 11:50:51 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,6,truncated-ip6=36,
    Mar 18 11:51:01 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,13,bad-len=0,13
    Mar 18 11:51:17 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=4),0
    Mar 18 11:51:21 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,7,bad-len=0,7
    Mar 18 11:51:22 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,1,bad-len=0,1
    Mar 18 11:51:27 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-len=0,0
    Mar 18 11:51:31 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,1,bad-len=0,1
    Mar 18 11:51:46 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,11,bad-len=0,11
    Mar 18 11:51:53 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,7,bad-hlen=16),7
    Mar 18 11:52:14 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,9,bad-len=0,9
    Mar 18 11:52:36 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,1,bad-hlen=12),1
    Mar 18 11:52:40 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,15,bad-len=0,15
    Mar 18 11:53:21 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-len=0,10
    Mar 18 11:53:40 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 11:53:45 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,8,bad-len=0,8
    Mar 18 11:54:16 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,4,bad-len=0,
    Mar 18 11:54:20 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,13,bad-hlen=4),13
    Mar 18 11:54:23 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,9,bad-hlen=8),9
    Mar 18 11:54:35 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,8,bad-hlen=4),8
    Mar 18 11:54:57 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-len=0,10
    Mar 18 11:55:12 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-len=0,10
    Mar 18 11:55:46 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,12,bad-len=0,12
    Mar 18 11:56:01 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,7,bad-hlen=8),7
    Mar 18 11:56:13 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,3,bad-len=0,3
    Mar 18 11:56:35 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,5,bad-len=0,5
    Mar 18 11:57:35 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,11,bad-len=0,11
    Mar 18 11:57:42 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,15,bad-len=0,15
    Mar 18 11:58:03 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-len=0,0
    Mar 18 11:58:17 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,4,bad-len=0,
    Mar 18 11:58:28 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,6,truncated-ip6=36,
    Mar 18 11:59:06 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-hlen=12),10
    Mar 18 11:59:07 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,3,bad-len=0,3
    Mar 18 11:59:16 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,1,bad-len=0,1
    Mar 18 12:00:04 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,3,bad-hlen=8),3
    Mar 18 12:00:09 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,11,bad-hlen=0),11
    Mar 18 12:00:14 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-hlen=8),10
    Mar 18 12:00:42 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,3,bad-len=0,3
    Mar 18 12:00:58 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-len=0,0
    Mar 18 12:01:22 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,8,bad-hlen=16),8
    Mar 18 12:01:24 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,13,bad-len=0,13
    Mar 18 12:01:55 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,11,bad-len=0,11
    Mar 18 12:02:13 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,7,bad-len=0,7
    Mar 18 12:02:45 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-len=0,0
    Mar 18 12:03:26 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-len=0,0
    Mar 18 12:03:51 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,12,bad-hlen=0),12
    Mar 18 12:04:10 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,13,bad-len=0,13
    Mar 18 12:04:14 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,7,bad-len=0,7
    Mar 18 12:04:14 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,11,bad-len=0,11
    Mar 18 12:04:20 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,1,bad-hlen=0),1
    Mar 18 12:04:21 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,5,bad-len=0,5
    Mar 18 12:04:27 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,7,bad-len=0,7
    Mar 18 12:04:38 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,5,bad-len=0,5
    Mar 18 12:04:47 router filterlog[70359]: 173,,,1770008575,igb2.101,match,block,in,0,bad-hlen=0),0
    Mar 18 12:04:51 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,14,bad-len=0,14
    Mar 18 12:05:11 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,10,bad-len=0,10
    Mar 18 12:05:13 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,11,bad-len=0,11
    Mar 18 12:05:48 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,12,bad-len=0,12
    Mar 18 12:05:52 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,3,bad-hlen=12),3
    Mar 18 12:05:54 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,3,bad-len=0,3
    Mar 18 12:06:00 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 12:06:00 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,13,bad-hlen=16),13
    Mar 18 12:06:01 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 12:06:03 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 12:06:07 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 12:06:10 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,12,bad-len=0,12
    Mar 18 12:06:15 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,0,bad-hlen=0),0
    Mar 18 12:06:26 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,2,bad-len=0,2
    

  • Rebel Alliance Developer Netgate

    @strangegopher said in No firewall logs in 2.5.0 snapshot:

    Mar 18 11:48:47 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,6,error='truncated-ip6 - 12038 bytes missing!',0x0a,0x50000,41,unknown,250,12038,c3b5:1828:6037:f498:a67f:17:6037:f498,::6002:a420:c855:0:204:550,
    Mar 18 11:48:50 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,7,bad-hlen=4),7
    Mar 18 11:49:15 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,6,truncated-ip6=36,

    I checked on one of mine and it had similar errors.

    I opened https://redmine.pfsense.org/issues/9411 to track this.



  • @jimp here is what pflog0 tcpdump looks like

    # tcpdump -n -e -ttt -i pflog0
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 262144 bytes
     00:00:00.000000 rule 4/0(match): block in on igb3: IP0 
     00:00:00.510115 rule 4/0(match): block in on igb3: IP14 
     00:00:00.514933 rule 4/0(match): block in on igb3: IP12 
     00:00:00.514640 rule 4/0(match): block in on igb3: IP7 
     00:00:00.515169 rule 4/0(match): block in on igb3: IP5 
     00:00:00.514514 rule 4/0(match): block in on igb3: IP2 
     00:00:00.514623 rule 4/0(match): block in on igb3: IP14 
     00:00:01.033917 rule 4/0(match): block in on igb3: IP1 
     00:00:00.512524 rule 4/0(match): block in on igb3: IP13 
     00:00:14.935477 rule 4/0(match): block in on igb3: IP0 
     00:00:01.006694 rule 4/0(match): block in on igb3: IP0 
     00:00:02.016589 rule 4/0(match): block in on igb3: IP0 
     00:00:04.130374 rule 4/0(match): block in on igb3: IP0 
     00:00:08.193228 rule 4/0(match): block in on igb3: IP0 
     00:00:01.219353 rule 4/0(match): block in on igb3: IP3 
    
    


  • I'm having the same issue as well.

    Firewall is blocking/allowing stuff as normal but isn't recording it in the logs.


  • LAYER 8 Moderator

    Mar 19 12:26:15 pfs-devel filterlog[8249]: 4,,,1000000103,em0,match,block,in,6,error='truncated-ip6 - 65380 bytes missing!',0x96,0xd0000,186,unknown,109,65392,a00:fa0b:e000:12:21fa:7:1:1562,4ed5:3f5:c85:cfc1:7985:f0e8:d619:7bee,
    Mar 19 12:26:15 pfs-devel filterlog[8249]: 6,,,1000000105,em0,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:16 pfs-devel filterlog[8249]: 6,,,1000000105,em0,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:16 pfs-devel filterlog[8249]: 6,,,1000000105,em1,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:16 pfs-devel filterlog[8249]: 4,,,1000000103,em0,match,block,in,6,error='truncated-ip6 - 65380 bytes missing!',0x7d,0x70000,80,unknown,111,65392,a00:fa0b:e000:12:21fa:7:1:1562,4ed5:3f5:c85:cfc1:7985:f0e8:d619:7bee,
    Mar 19 12:26:17 pfs-devel filterlog[8249]: 4,,,1000000103,em0,match,block,in,11,bad-len=0,11
    Mar 19 12:26:17 pfs-devel filterlog[8249]: 6,,,1000000105,em1,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:17 pfs-devel filterlog[8249]: 6,,,1000000105,em0,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:18 pfs-devel filterlog[8249]: 6,,,1000000105,em0,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:18 pfs-devel filterlog[8249]: 6,,,1000000105,em1,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:18 pfs-devel filterlog[8249]: 4,,,1000000103,em0,match,block,in,2,bad-hlen=0),2
    Mar 19 12:26:19 pfs-devel filterlog[8249]: 6,,,1000000105,em1,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:19 pfs-devel filterlog[8249]: 6,,,1000000105,em0,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:19 pfs-devel filterlog[8249]: 4,,,1000000103,em0,match,block,in,3,bad-len=0,3
    Mar 19 12:26:20 pfs-devel filterlog[8249]: 4,,,1000000103,em0,match,block,in,6,error='truncated-ip6 - 65380 bytes missing!',0xce,0xd0000,58,unknown,106,65392,a00:fa0b:e000:12:21fa:7:1:1562,4ed5:3f5:c85:cfc1:7985:f0e8:d619:7bee,
    Mar 19 12:26:20 pfs-devel filterlog[8249]: 6,,,1000000105,em0,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:20 pfs-devel filterlog[8249]: 6,,,1000000105,em1,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:21 pfs-devel filterlog[8249]: 6,,,1000000105,em1,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:21 pfs-devel filterlog[8249]: 6,,,1000000105,em0,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:21 pfs-devel filterlog[8249]: 4,,,1000000103,em0,match,block,in,13,bad-hlen=16),13
    Mar 19 12:26:22 pfs-devel filterlog[8249]: 4,,,1000000103,em0,match,block,in,15,bad-len=0,15
    Mar 19 12:26:22 pfs-devel filterlog[8249]: 6,,,1000000105,em0,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:22 pfs-devel filterlog[8249]: 6,,,1000000105,em1,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:23 pfs-devel filterlog[8249]: 6,,,1000000105,em1,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:23 pfs-devel filterlog[8249]: 6,,,1000000105,em0,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:23 pfs-devel filterlog[8249]: 4,,,1000000103,em0,match,block,in,9,bad-len=0,9
    Mar 19 12:26:24 pfs-devel filterlog[8249]: 6,,,1000000105,em0,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:24 pfs-devel filterlog[8249]: 6,,,1000000105,em1,match,block,in,0,bad-hlen=0),0
    Mar 19 12:26:24 pfs-devel filterlog[8249]: 4,,,1000000103,em0,match,block,in,4,bad-len=0,
    Mar 19 12:26:25 pfs-devel filterlog[8249]: 6,,,1000000105,em1,match,block,in,0,bad-hlen=0),0
    

    That's my filterlog. But I'm missing blocks that actually should appear on em0 / WAN as I forced connections from the system in front of it to ports like 12345/tcp to show up. But no sign of it.

    Greets


  • Rebel Alliance Developer Netgate

    We are still investigating. This happened ~3 years ago, I think when we moved to FreeBSD 11 the first time. A data structure in pf changed size or layout and filterlog had to be changed to match. Until we get that fixed, it doesn't matter what you see in the log, it's all wrong.
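
A triage check for the symptom described in this thread, as an added example that is not part of the forum posts or of pfSense itself: it reads text filterlog lines and reports, per interface, how many entries failed to decode (IP version field not 4 or 6, or a `bad-hlen` / `bad-len` / `truncated-ip` marker). The field positions, the 20% threshold and the one well-formed sample line are assumptions; the other sample lines are copied from the posts above.

```python
import re
from collections import Counter

# Syslog prefix followed by the comma-separated filterlog payload.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\sfilterlog\[\d+\]:\s(?P<csv>.*)$"
)

# Decode-failure markers exactly as they appear in the thread's output.
FAIL_MARKERS = ("bad-hlen", "bad-len", "truncated-ip")


def classify(line):
    """Return (verdict, interface) for one text filterlog line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return "unparsed", None
    fields = m.group("csv").split(",")
    # Assumed layout: rule,subrule,anchor,tracker,iface,reason,action,dir,ipver,...
    if len(fields) < 10:
        return "unparsed", None  # e.g. a line cut short by raw circular-log bytes
    iface, ip_version = fields[4], fields[8]
    rest = ",".join(fields[9:])
    if any(marker in rest for marker in FAIL_MARKERS):
        return "decode_failure", iface
    if ip_version not in ("4", "6"):
        return "decode_failure", iface
    return "ok", iface


def summarize(lines, max_failure_ratio=0.2):
    """Per-interface decode-failure ratio; 'suspect' means the log cannot be trusted."""
    totals, failures, unparsed = Counter(), Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        verdict, iface = classify(line)
        if verdict == "unparsed":
            unparsed += 1
            continue
        totals[iface] += 1
        if verdict == "decode_failure":
            failures[iface] += 1
    report = {}
    for iface, total in totals.items():
        ratio = failures[iface] / total
        report[iface] = {
            "entries": total,
            "decode_failures": failures[iface],
            "ratio": round(ratio, 2),
            "suspect": ratio > max_failure_ratio,
        }
    return report, unparsed


# Sample input: the last line is constructed, the rest are quoted from the thread
# (the "iCLOGm" line is the raw-file tail with its non-ASCII bytes dropped).
SAMPLE = [
    "Mar 18 11:34:36 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,8,bad-len=0,8",
    "Mar 18 11:34:49 router filterlog[70359]: 173,,,1770008575,igb2.101,match,block,in,0,bad-hlen=0),0",
    "Mar 18 11:48:47 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,6,error='truncated-ip6 - 12038 bytes missing!',0x0a,0x50000,41,unknown,250,12038,c3b5:1828:6037:f498:a67f:17:6037:f498,::6002:a420:c855:0:204:550,",
    "Mar 18 11:49:15 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,6,truncated-ip6=36,",
    "Mar 18 11:41:38 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,4,bad-len=0,",
    "Mar 18 11:48:30 router filterlog[70359]: 4,,,1000000103,igb3,match,block,iCLOGm",
    # Constructed well-formed IPv4/TCP entry (documentation addresses).
    "Mar 18 12:10:01 router filterlog[70359]: 4,,,1000000103,igb3,match,block,in,4,0x0,,64,12345,0,DF,6,tcp,60,198.51.100.7,203.0.113.5,40000,12345,0,S,1234567890,,64240,,mss",
]

if __name__ == "__main__":
    report, unparsed = summarize(SAMPLE)
    for iface, stats in sorted(report.items()):
        print(iface, stats)
    print("unparsed lines:", unparsed)
```

An interface flagged `suspect` means blocked or passed traffic on it is not being recorded in usable form, so firewall-log-based alerting for that interface should be treated as blind until the decoder is fixed.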



  • Just updated to latest snapshot and I see logs again!
    I see invalid filterlog bug is still in progress so I am probably not seeing all the logs.
    But something is better than nothing for now.


  • Rebel Alliance Developer Netgate

    There were two bugs at play here, both of which should be corrected on current snapshots:

    Even though that bug is marked "in progress" it's most likely fixed everywhere.

