Rule ID vs Tracking ID
-
Hi all
Can anyone clarify the difference between Rule ID and Tracking ID, also would be appreciable if anyone can explain the use cases of both.
Thanks in advance.
-
Which IDs do you mean exactly?
This rule for example:
Appears in the ruleset (rules.debug) as:
pass in quick on $WAN reply-to ( em0 172.21.16.1 ) inet from any to any ridentifier 1664481272 keep state label "USER_RULE: Allow all ipv4+ipv6 via pfSsh.php" label "id:1664481272"And in the running rules as:
@86 pass in quick on em0 reply-to (em0 172.21.16.1) inet all flags S/SA keep state label "USER_RULE: Allow all ipv4+ipv6 via pfSsh.php" label "id:1664481272" ridentifier 1664481272 [ Evaluations: 230 Packets: 593 Bytes: 79110 States: 1 ] [ Inserted: uid 0 pid 20184 State Creations: 1 ] [ Last Active Time: Mon Jan 15 21:41:37 2024 ]And states created by it show as:
all tcp 172.21.16.184:22 <- 172.21.16.8:48666 ESTABLISHED:ESTABLISHED [2265314687 + 2147156224] wscale 7 [2857302096 + 65792] wscale 7 age 00:08:02, expires in 24:00:00, 328:354 pkts, 22905:64497 bytes, rule 86, log id: 0fa5a56500000000 creatorid: b766ae99 reply-to: 172.21.16.1@em0 origif: em0 -
Hi @stephenw10 i refer this rule id on diagnostics tab
-
Ah Ok those are the rule numbers, so
@86in my example above. You'd enter86there. -
Hi @stephenw10 at least for me it´s not already 100% clear could you please explain it?
Thanks in advance
-
If you want to filter the states by Rule ID you have to enter the rule numbers there.
You can see the rule numbers in the running ruleset by running:
pfctl -vvsr
For example:[23.09.1-RELEASE][root@7100.stevew.lan]/root: pfctl -vvsr @0 scrub from any to <vpn_networks:*> fragment no reassemble [ Evaluations: 39420 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @1 scrub from <vpn_networks:*> to any fragment no reassemble [ Evaluations: 39420 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @2 scrub on lagg0 inet all fragment reassemble [ Evaluations: 39420 Packets: 39368 Bytes: 310545 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @3 scrub on lagg0 inet6 all fragment reassemble [ Evaluations: 1 Packets: 1 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @4 scrub on ix2 inet all fragment reassemble [ Evaluations: 51 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @5 scrub on ix2 inet6 all fragment reassemble [ Evaluations: 2 Packets: 2 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @6 scrub on lagg1 inet all fragment reassemble [ Evaluations: 49 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @7 scrub on lagg1 inet6 all fragment reassemble [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @0 anchor "openvpn/*" all [ Evaluations: 813 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @1 anchor "ipsec/*" all [ Evaluations: 813 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @2 block drop in log quick inet from 169.254.0.0/16 to any label "Block IPv4 link-local" ridentifier 1000000101 [ Evaluations: 813 Packets: 12 Bytes: 1152 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: Tue Jan 16 15:19:53 2024 ] @3 block drop in log quick inet from any to 169.254.0.0/16 label "Block IPv4 link-local" ridentifier 1000000102 [ Evaluations: 23 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @4 block drop in log inet all label "Default deny rule IPv4" ridentifier 1000000103 [ Evaluations: 23 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @5 block drop out log inet all label "Default deny rule IPv4" ridentifier 1000000104 [ Evaluations: 800 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @6 block drop in log inet6 all label "Default deny rule IPv6" ridentifier 1000000105 [ Evaluations: 801 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @7 block drop out log inet6 all label "Default deny rule IPv6" ridentifier 1000000106 [ Evaluations: 778 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @8 pass quick inet6 proto ipv6-icmp all icmp6-type unreach keep state ridentifier 1000000107 [ Evaluations: 4 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @9 pass quick inet6 proto ipv6-icmp all icmp6-type toobig keep state ridentifier 1000000107 [ Evaluations: 4 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @10 pass quick inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state ridentifier 1000000107 [ Evaluations: 4 Packets: 1 Bytes: 72 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @11 pass quick inet6 proto ipv6-icmp all icmp6-type neighbradv keep state ridentifier 1000000107 [ Evaluations: 3 Packets: 1 Bytes: 72 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 1 ] [ Last Active Time: N/A ] @12 pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echorep keep state ridentifier 1000000108 [ Evaluations: 2 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @13 pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state ridentifier 1000000108 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @14 pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state ridentifier 1000000108 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @15 pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state ridentifier 1000000108 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @16 pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state ridentifier 1000000108 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @17 pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echorep keep state ridentifier 1000000109 [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @18 pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state ridentifier 1000000109 [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @19 pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state ridentifier 1000000109 [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @20 pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state ridentifier 1000000109 [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @21 pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state ridentifier 1000000109 [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @22 pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state ridentifier 1000000110 [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @23 pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state ridentifier 1000000110 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @24 pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state ridentifier 1000000110 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @25 pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state ridentifier 1000000110 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @26 pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state ridentifier 1000000110 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @27 pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type echoreq keep state ridentifier 1000000111 [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @28 pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routersol keep state ridentifier 1000000111 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @29 pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routeradv keep state ridentifier 1000000111 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @30 pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbrsol keep state ridentifier 1000000111 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @31 pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbradv keep state ridentifier 1000000111 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @32 pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echoreq keep state ridentifier 1000000112 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @33 pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state ridentifier 1000000112 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @34 pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state ridentifier 1000000112 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @35 pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state ridentifier 1000000112 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @36 pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state ridentifier 1000000112 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @37 pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type echoreq keep state ridentifier 1000000113 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @38 pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type routersol keep state ridentifier 1000000113 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @39 pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type routeradv keep state ridentifier 1000000113 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @40 pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type neighbrsol keep state ridentifier 1000000113 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @41 pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type neighbradv keep state ridentifier 1000000113 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @42 block drop log quick inet proto tcp from any port = 0 to any label "Block traffic from port 0" ridentifier 1000000114 [ Evaluations: 799 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @43 block drop log quick inet proto udp from any port = 0 to any label "Block traffic from port 0" ridentifier 1000000114 [ Evaluations: 753 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @44 block drop log quick inet proto tcp from any to any port = 0 label "Block traffic to port 0" ridentifier 1000000115 [ Evaluations: 797 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @45 block drop log quick inet proto udp from any to any port = 0 label "Block traffic to port 0" ridentifier 1000000115 [ Evaluations: 753 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @46 block drop log quick inet6 proto tcp from any port = 0 to any label "Block traffic from port 0" ridentifier 1000000116 [ Evaluations: 799 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @47 block drop log quick inet6 proto udp from any port = 0 to any label "Block traffic from port 0" ridentifier 1000000116 [ Evaluations: 2 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @48 block drop log quick inet6 proto tcp from any to any port = 0 label "Block traffic to port 0" ridentifier 1000000117 [ Evaluations: 2 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @49 block drop log quick inet6 proto udp from any to any port = 0 label "Block traffic to port 0" ridentifier 1000000117 [ Evaluations: 2 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @50 block drop log quick from <snort2c:0> to any label "Block snort2c hosts" ridentifier 1000000118 [ Evaluations: 799 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @51 block drop log quick from any to <snort2c:0> label "Block snort2c hosts" ridentifier 1000000119 [ Evaluations: 799 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @52 block drop in log quick proto tcp from <sshguard:0> to (self:11) port = ssh label "sshguard" ridentifier 1000000301 [ Evaluations: 799 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @53 block drop in log quick proto tcp from <sshguard:0> to (self:11) port = https label "GUI Lockout" ridentifier 1000000351 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @54 block drop in log quick from <virusprot:0> to any label "virusprot overload table" ridentifier 1000000400 [ Evaluations: 23 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @55 pass in quick on lagg0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp replies in WAN" ridentifier 1000000461 [ Evaluations: 23 Packets: 2 Bytes: 656 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 1 ] [ Last Active Time: Tue Jan 16 14:11:54 2024 ] @56 pass out quick on lagg0 proto udp from any port = bootpc to any port = bootps keep state label "allow dhcp client out WAN" ridentifier 1000000462 [ Evaluations: 784 Packets: 4 Bytes: 1312 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 2 ] [ Last Active Time: Tue Jan 16 15:59:01 2024 ] @57 block drop in log on ! lagg0 inet from 172.21.16.0/24 to any ridentifier 1000001470 [ Evaluations: 796 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @58 block drop in log inet from 172.21.16.120 to any ridentifier 1000001470 [ Evaluations: 782 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @59 block drop in log on lagg0 inet6 from fe80::2e0:edff:fe86:a68c to any ridentifier 1000001470 [ Evaluations: 22 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @60 block drop in log on ! ix2 inet from 192.168.88.0/24 to any ridentifier 1000002520 [ Evaluations: 22 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @61 block drop in log inet from 192.168.88.1 to any ridentifier 1000002520 [ Evaluations: 22 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @62 block drop in log on ix2 inet6 from fe80::208:a2ff:fe0e:a593 to any ridentifier 1000002520 [ Evaluations: 22 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @63 pass in quick on ix2 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server" ridentifier 1000002541 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @64 pass in quick on ix2 inet proto udp from any port = bootpc to 192.168.88.1 port = bootps keep state label "allow access to DHCP server" ridentifier 1000002542 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @65 pass out quick on ix2 inet proto udp from 192.168.88.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server" ridentifier 1000002543 [ Evaluations: 774 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @66 pass in on lo0 inet all flags S/SA keep state label "pass IPv4 loopback" ridentifier 1000004661 [ Evaluations: 794 Packets: 23 Bytes: 2226 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 11 ] [ Last Active Time: Tue Jan 16 13:59:27 2024 ] @67 pass out on lo0 inet all flags S/SA keep state label "pass IPv4 loopback" ridentifier 1000004662 [ Evaluations: 24 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @68 pass in on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback" ridentifier 1000004663 [ Evaluations: 26 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @69 pass out on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback" ridentifier 1000004664 [ Evaluations: 12 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @70 pass out inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself" ridentifier 1000004665 [ Evaluations: 796 Packets: 92 Bytes: 23856 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 13 ] [ Last Active Time: Tue Jan 16 15:41:40 2024 ] @71 pass out inet6 all flags S/SA keep state allow-opts label "let out anything IPv6 from firewall host itself" ridentifier 1000004666 [ Evaluations: 774 Packets: 2 Bytes: 172 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @72 pass out route-to (lagg0 172.21.16.1) inet from 172.21.16.120 to ! 172.21.16.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself" ridentifier 1000004761 [ Evaluations: 774 Packets: 2338 Bytes: 448008 States: 3 ] [ Inserted: uid 0 pid 46270 State Creations: 743 ] [ Last Active Time: Tue Jan 16 16:37:23 2024 ] @73 pass in quick on ix2 proto tcp from any to (ix2:2) port = https flags S/SA keep state label "anti-lockout rule" ridentifier 10002 [ Evaluations: 796 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @74 pass in quick on ix2 proto tcp from any to (ix2:2) port = http flags S/SA keep state label "anti-lockout rule" ridentifier 10002 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @75 pass in quick on ix2 proto tcp from any to (ix2:2) port = ssh flags S/SA keep state label "anti-lockout rule" ridentifier 10002 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @76 anchor "userrules/*" all [ Evaluations: 796 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @77 pass in quick on lagg0 reply-to (lagg0 172.21.16.1) inet all flags S/SA keep state label "USER_RULE: Allow all ipv4+ipv6 via pfSsh.php" label "id:1533055761" ridentifier 1533055761 [ Evaluations: 796 Packets: 40 Bytes: 25177 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 10 ] [ Last Active Time: Tue Jan 16 16:04:08 2024 ] @78 pass in quick on lagg0 inet6 all flags S/SA keep state label "USER_RULE: Allow all ipv4+ipv6 via pfSsh.php" label "id:1533055761" ridentifier 1533055761 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @79 pass in quick on lagg0 reply-to (lagg0 172.21.16.1) inet proto icmp from <WAN__NETWORK:1> to 172.21.16.120 keep state label "USER_RULE: Allow ping" label "id:1559646116" ridentifier 1559646116 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @80 pass in quick on ix2 inet from <LAN__NETWORK:1> to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule" label "id:0100000101" ridentifier 100000101 [ Evaluations: 26 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ] @81 anchor "tftp-proxy/*" all [ Evaluations: 786 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 46270 State Creations: 0 ] [ Last Active Time: N/A ]From the Firewall > Rules page in the GUI you can click on the state column for each individual rule and it will automatically fill in the RuleID in the state table filtering.
Steve
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.