Rule with schedule showing "s:<big-number>" as description

fsr

Hi,

I wanted to share something that i found in pfsense community 2.6.0-RELEASE (amd64).

When a rule has a schedule configured, instead of showing the user-created description in the firewall log, it shows something like "s:61b56f3d0a9b4" as description. If i remove the schedule, all is normal.

Two nearly-identical rules (only difference is that one has a schedule) show like this in pfctl:

pfctl -vvsr | grep -i "permitir todo de lan a external"

@51(0) pass in log quick on hn1 inet from 192.168.120.0/24 to ! 192.168.120.0/24 flags S/SA keep state label "s:<edited>" label "USER_RULE: Permitir Todo de LAN a EXTERNAL (con limiter y sc..." dnpipe(4, 3) ridentifier <edited>

@52(0) pass in log quick on hn1 inet from 192.168.120.0/24 to ! 192.168.120.0/24 flags S/SA keep state label "USER_RULE: 2Permitir Todo de LAN a EXTERNAL (con limiter y s..." dnpipe(4, 3) ridentifier <edited>

It seems to me like the schedule adds an additional label to the rule, and the firewall log is showing that label instead of the one with the user-defined description, because the "schedule label" is the first one.

Is anyone else getting this kind of behaviour, or is it something about this particular installation?

Regards

jimp

That's a side effect of how schedules are handled these days. The methods of fetching rule labels are not quite right there, but it's fixed on snapshots:

https://redmine.pfsense.org/issues/13155 -- that alone wouldn't apply to 2.6.0 since there are a lot of other changes around after 2.6.0 there. Though schedules are not mentioned it's the same root problem since schedules are handled through an additional rule labels on 2.6.x.