Rule details not showing in Firewall Log
-
Hi,
I noticed that some rules don't show details anymore when clicking on the Action icon in firewall log. It seems to me like it happens with floating rules only.
That is, clicking here:
When it works normally, it opens a dialog that shows something like this:
The rule that triggered this action is: @180(1521734997) pass in log quick on de3 inet from <PCs_Admin:5> to any flags S/SA keep state label "USER_RULE: Acceso total a cualquier red."
However, on some entries, the dialog is almost empty, only showing this:
The rule that triggered this action is:
I think that's a bug that arose with the change of the user interface. I have some firewalls with older 2.1.4 versions, and they work without issues. It was also better for me to have the filtering options already opened, instead of having to click the icon to filter.
Should I report the bug somehow, or is it OK to just leave the message here? This bug makes it really hard to "debug" floating rules.
Regards
-
That you would compare anything to a version 2.1, that 2.1 is running anywhere currently, is sad to be honest. It has been end of life for years. Unless you have it running in a lab for "fun"?
Clicking the action icon works just fine.
Why don't you give some details of the specific entries? Possibly you deleted the rule - would be my guess.
-
The rule exists. For example, if I click on the following entry, it's empty, but if I search for the rule number in the shell, it finds it:
pfctl -vvsr | grep -i "1523388574"
@88(1523388574) match in log on de1 inet from 192.x.x.0/24 to ! <LANs_Sin_Limiters:5> label "USER_RULE: Limiter inteligente VLAN1 a INET" dnqueue(5, 1)
-
That looks like your browser complaining about dialogues. Nothing pfSense can do about that.
-
@Derelict said in Rule details not showing in Firewall Log:
That looks like your browser complaining about dialogues. Nothing pfSense can do about that.
The message is displayed, but only says that "the rule that triggered this action is:" (that's all)
Firefox always provides the check box offering to block further dialogs, that's normal.
-
@fsr said in Rule details not showing in Firewall Log:
Firefox always provides the check box offering to block further dialogs, that's normal.
No it doesn't as you can see from my screenshot.
-
A web site must show several dialogs for Firefox to offer silencing them.
Anyways, this is a screenshot from Google Chrome, so as to discard the browser from this problem:
And searching for the rule number shows this:
pfctl -vvsr | grep -i "1523388574"
@88(1523388574) match in log on de1 inet from x.x.0.0/24 to ! <LANs_Sin_Limiters:5> label "USER_RULE: Limiter inteligente VLAN1 a INET" dnqueue(5, 1)
That rule gets triggered a lot, as that's the one that sets the limiters for the LAN adapter.
So, I went to the firewall logs, and checked the last 26 items logged there, to see which rules showed the dialog OK, and which ones had no text after the message "The rule that triggered the action is:", and found this:
I don't know if that image is very readable, so I'll copy the text here:
block | 1000000103 | yes | @9(1000000103) block drop in log inet all label "Default deny rule IPv4"
pass | 1521734969 | yes | @151(1521734969) pass in log quick on de1 inet from x.x.0.0/25 to any flags S/SA keep state label "USER_RULE: Permitir TODO de Servidores VLAN1 a ANY"
unkn(%u) | 1523388574 | NO | @88(1523388574) match in log on de1 inet from x.x.0.0/24 to ! <LANs_Sin_Limiters:5> label "USER_RULE: Limiter inteligente VLAN1 a INET" dnqueue(5, 1)
pass | 1521734921 | NO | @72(1521734921) pass log inet from <LANs_TH_Global:10> to <Servidores_TH_AR:1> flags S/SA keep state label "USER_RULE: Acceso TOTAL desde LANs de Oficinas TH a Servidores"
unkn(%u) | 1521734925 | NO | @76(1521734925) match log on de1 inet from <LANs_Devoto:3> to <LANs_Devoto:3> label "USER_RULE: Saltear traffic shaping para trafico interno." queue qLink
pass | 1521734976 | yes | @102(1521734976) pass in log quick on openvpn inet proto tcp from any to any port = domain flags S/SA keep state label "USER_RULE: Permite DNS desde OpenVPN a ANY."
pass | 1521734981 | yes | @155(1521734981) pass in log quick on de2 inet proto tcp from <PCs_Naveg_Full_V4:14> to x.x.4.60 port = domain flags S/SA keep state label "USER_RULE: NAT Si NAVEG_FULL me pide DNS, los reenvio a NEME..."
block | 1521734908 | yes | @61(1521734908) block return in log quick on de1 inet from <PCs_Bloqueadas:6> to ! <LANs_Devoto:3> label "USER_RULE: Bloquear navegación fuera de la empresa"
pass | 1521734988 | yes | @161(1521734988) pass in log quick on de2 inet proto tcp from x.x.4.0/24 to ! <LANs_TH_Global:10> port = http flags S/SA keep state label "USER_RULE: Acceso a internet para desarrollo."
unkn(%u) | 1555510813 | NO | @95(1555510813) match in log on de1 inet from any to <Destinos_Red_Baja_Prioridad:5> label "USER_RULE: Redes de Destino de Baja Prioridad Floating" dnqueue(8, 4) queue qP2P
unkn(%u) | 1523388618 | NO | @89(1523388618) match in log on de2 inet from x.x.4.0/24 to ! <LANs_Sin_Limiters:5> label "USER_RULE: Limiter inteligente DESARRO a INET" dnqueue(6, 2)
All the floating rules had the "almost empty" dialog, except rule 1521734908. That rule is the second on the list in Firewall/Rules/Floating.
Any idea about what could be causing this? I installed the firewall from scratch once, and loaded the rules from an older version. That seemed to work flawlessly, but maybe that caused the problem? It appeared around that time.
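Added example, not part of the original post: the `pfctl -vvsr | grep` lookup above, extended to pull the action, direction, interface and `quick` flag out of the matching rule so the entries that show an empty dialog can be compared side by side. The function names are hypothetical, and the parser assumes the `@N(tracker) ...` line format shown in this thread.

```shell
#!/bin/sh
# Constructed sample: rule lines copied from the thread in the "@N(tracker) ..."
# form printed by `pfctl -vvsr` there; the counter line is constructed.
sample_rules() {
cat <<'EOF'
@9(1000000103) block drop in log inet all label "Default deny rule IPv4"
  [ Evaluations: 0  Packets: 0  Bytes: 0  States: 0 ]
@61(1521734908) block return in log quick on de1 inet from <PCs_Bloqueadas:6> to ! <LANs_Devoto:3> label "USER_RULE: Bloquear navegación fuera de la empresa"
@72(1521734921) pass log inet from <LANs_TH_Global:10> to <Servidores_TH_AR:1> flags S/SA keep state label "USER_RULE: Acceso TOTAL desde LANs de Oficinas TH a Servidores"
@88(1523388574) match in log on de1 inet from x.x.0.0/24 to ! <LANs_Sin_Limiters:5> label "USER_RULE: Limiter inteligente VLAN1 a INET" dnqueue(5, 1)
EOF
}

# describe_tracker ID: read `pfctl -vvsr` text on stdin and print
# "rule_number action direction interface quick" for the rule whose tracker
# ID (the number in parentheses) equals ID. Exit status 1 if no rule matches.
describe_tracker() {
  awk -v id="$1" '
    /^@[0-9]+\([0-9]+\) / {
      split($1, h, /[@()]/)          # h[2] = rule number, h[3] = tracker ID
      if (h[3] != id) next           # exact match, unlike a substring grep
      dir = "any"; ifc = "any"; quick = "no"
      # Only scan the rule header; stop before addresses and the label text.
      for (i = 3; i <= NF; i++) {
        if ($i == "from" || $i == "all" || $i == "proto") break
        if ($i == "in" || $i == "out") dir = $i
        if ($i == "quick") quick = "yes"
        if ($i == "on") ifc = $(i + 1)
      }
      print h[2], $2, dir, ifc, quick
      found = 1
      exit
    }
    END { if (!found) exit 1 }
  '
}

# On the firewall itself: pfctl -vvsr | describe_tracker 1523388574
```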
-
In case anyone has the same issue, I circumvented it by setting [Manage Firewall Log] -> [Where to show rule descriptions] to "Display as column". There, the rule descriptions do show correctly, as can be seen in the following screen capture:
The column with the "person icon" is the rule description column. I clicked on the green check mark to confirm that the rule didn't show the description in the popup.
regards