The rule that triggered this action is blank
-
Hello all,
I am trying to troubleshoot an issue and I have a question regarding the Systems logs.
I click on the red x to check a random Block and see the rule name:
When I choose any Pass in the log I see the same thing - no rule name:
which makes it difficult to troubleshoot.
Is this working as expected or do I have an underlying issue?2.4.4-RELEASE-p2 (amd64)
built on Wed Dec 12 07:40:18 EST 2018
FreeBSD 11.2-RELEASE-p6cheers
-
You might want to update, you are not current on your version 2.4.5p1 is current
Working here.. I have to assume your on older version of pfblocker as well if your pfsense is like a year out of date.
Current version of pfblocker is
pfBlockerNG-devel net 3.0.0_6 -
OK thanks John - I've been putting it off as the company is working from home so totally reliant on the firewall. I can't afford for it to go wrong! Nor can I get my hands on our duplicate/test pfsense box to test it first.
I've updated many times over the years without issue but hey - it's 2020 so who knows? Can you put my mind at rest that upgrading to 2.4.5_1 hasn't caused issues with others?
cheers
Rob -
So I can somewhat duplicate your problem - if I delete the rule after something has been logged.
I created a test rule, set to log.. Then hit it from outside to generate a log entry..
I then deleted the rule.. And while I still see the number of the rule in the log
If I click on it - I just get this
Is it possible the rule that allowed the traffic has been deleted.. Do you have your log set to show the rule id?
-
Sorry for the delay - the log does indeed show the rule numbers but now I can't see any positives so will need to do some testing.
That does however make perfect sense, that it's an old rule. I'm presuming I can drop into a shell and find the "offending" rule once identified?
-
If the rule was not deleted you can find it sure..
pfctl -vvsr
Would show you ID numbers.
