problem with tracking id log. It never changes
-
Except the default deny rule has a fixed ID and that isn't it. So more likely a custom block rule or maybe something from pfBlocker.
-
@stephenw10 true.. But if the rule is active then it would have to be in the rule list.. I don't see logging with an ID that isn't actually there, etc.
-
Exactly. One issue can be log showing against the wrong rule description because the rule IDs are parsed when the logs are displayed not when the connection happened. Though that isn't case here.
That ID number looks out of place though, I wonder if it was changed somehow.
-
Good morning.
If it were a custom blocking rule, I would have to identify it in the command: pfctl -sa | grep 4294967295
I can't find any rules with this id and I can't get the log view back with the right ids.
The service pfblocker is disabled.
I can test in other firewall this configuration and try to update at devel release 2.7.X ?What's your advice?
Thanks. Andrea.
-
Something in my head tells me there was an issue with "firewall & track IDs".
It was way back, was it 2.6.0 ?
Nothing in the System Patches (pfSense package) ?No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
My version is :
2.6.0-RELEASE (amd64)
built on Mon Jan 31 19:57:53 UTC 2022
FreeBSD 12.3-STABLEBut I've had this problem for about 1 month and the firmware version has been around for about 5 months.
-
@gertjan said in problem with tracking id log. It never changes:
there was an issue with "firewall & track IDs".
Wasn't there an issue with copy of firewall rules not creating new IDs - I don't recall an issue with non-existing IDs being logged..
-
@johnpoz
Anyway never seen such a high rule ID number. So if it was not generated by a certain package, I suspect, there must be something went pretty wrong at the rule generation.To resolve, I would try to export the config, search for this rule ID in it. If it isn't there, reinstall pfSense and import the config again and hope, that the issue doesn't come back.
-
I exported the configuration and inside I can't find any id with number: 4294967295, now I'll try to restore the configuration on a different hardware and see if I'm carrying the log problem.
Thanks
-
@charneval said in problem with tracking id log. It never changes:
I can't find any id with number: 4294967295
That particular number is special. It is the decimal representation of the largest unsigned integer that will fit within a 32-bit word (when expressed in binary). See here: https://en.wikipedia.org/wiki/4,294,967,295. So, my guess is an integer variable is corrupted or overflowed. I don't have a guess as to why, though.
-
Hi.
For a test I force a reinstall of all packages using pkg upgrade -fy
but after the reboot I can't open the web consolle.
In ssh the firewall responds and works properly.How can I restore access via web page?
-
@charneval
Troubleshooting Access when Locked Out of the FirewallDisable the filter, then login in and check the rules.
-
@viragomann
I'm connecting remotely to the firewall via ssh and I don't want this operation to give me later problems so I prefer to do it on site.
The firewall has many rules and many client at the moment connected.
Currently I don't know if reconfiguring the packages solved my logging problem but I will try to check as soon as possible. -
That. And also try restating php then the webgui from the menu.
-
I solved the problem by reinstalling the firewall with version 2.6.0 and reloading an old backup.
But I realized that the package reinstall solution ( pkg upgrade -fy ) solved the log problem but blocked me from accessing the web page.
Thanks.
