No states show up when filtering by TrackerID
-
Under Diagnostics / States / States
When I put in the RuleID of a firewall rule that has states and search for the states matching the rule, nothing comes up. See below.
I am on pfSense 23.09.1
Am I doing this correctly?
-
@michmoor said in No states show up when filtering by TrackerID:
Am I doing this correctly?
I think the Tracking Id and Rule Id are two different things. If you hover over the states information in the firewall rule, it shows the link to the diag_dump_states, which uses the Rules Id, whereas the pop-up window shows the Tracking Id.
-
@pst
It's the same id.
Are you seeing the same issue when searching for states matching the id?
-
@michmoor it's not the same for me:
-
@pst Ohhhhhhhhh
In the url that comes up at the bottom.
Do you know if that shows up anywhere in the GUI that's easier to spot?
-
@michmoor sorry I have no idea. Just thought I'd share my findings as I did the same head-scratcher a while back. Hopefully someone else can explain the mapping between the two Ids.
-
@pst That's a nice catch. I would've never known to look there.
Thanks so much!
-
You can just click on that link to get the correctly filtered state table.
-
@stephenw10
True that works.
So the "issue" is that if you happen to go straight into the Diag / States menu there is no logical way to know what the Rule ID would be unless you go to the Firewall rules and click on the link. To me there is no visual difference to know that Rule ID and Tracker ID are different things. This is more of a discoverability problem.
At the very least the Diag screen should give a hint as to where to find Rule ID - a blue info icon maybe?
Then there is the other piece of filtering. If I put in the Rule ID I can only filter individual states, whereas in my filter expression if I put in an IP address I can kill all states for that IP. Is there a reason for the discrepancy?
-
It's the pf rule number. So you can see it in Diag > pftop, 'rules' view. Or the output of pfctl -vvsr.
-
Killing states by ruleID, or lack thereof, is probably a legacy option. pfctl has been extended a lot since pfSense was released.
Or it could be that the ruleID field itself is quite new. That used to be hidden so killing states by it would have been confusing at best.
It looks like pfctl can kill states by ruleID now so that could be a feature request.
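
The lookup the thread converges on (tracker ID shown in the rule pop-up, pf rule number expected by the Rule ID filter) can be done from the shell. The following is an added example, not part of the thread or of pfSense itself; it assumes each rule in the `pfctl -vvsr` output starts with `@<number>` and carries its tracker as `ridentifier <id>`, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list the pf rule number(s) behind a
# pfSense tracker ID, i.e. the value the Rule ID filter on Diag / States expects.
# Assumption: each rule in `pfctl -vvsr` output starts with "@<number>" and
# carries its tracker as "ridentifier <id>".

# Usage on the firewall: pfctl -vvsr | rule_ids_for_tracker <tracker-id>
rule_ids_for_tracker() {
    awk -v want="$1" '
        /^@[0-9]+/ {
            num = substr($1, 2)
            sub(/[^0-9].*$/, "", num)      # keep only the leading digits
            # Labels may contain spaces, so scan every field for the keyword.
            for (i = 2; i < NF; i++)
                if ($i == "ridentifier" && $(i + 1) == want)
                    print num
        }'
}

# Constructed sample output (not captured from a real system). One GUI rule
# can expand into several pf rules that share a tracker (here @87 and @88).
SAMPLE='@4 block drop in log inet all label "Default deny rule IPv4" ridentifier 1000000103
  [ Evaluations: 52  Packets: 3  Bytes: 180  States: 0 ]
@87 pass in quick on em1 inet proto tcp from 192.0.2.0/24 to any port = 443 flags S/SA keep state label "USER_RULE: web out" ridentifier 1700000001
  [ Evaluations: 40  Packets: 900  Bytes: 65000  States: 2 ]
@88 pass in quick on em1 inet6 proto tcp from any to any port = 443 flags S/SA keep state label "USER_RULE: web out" ridentifier 1700000001
  [ Evaluations: 12  Packets: 0  Bytes: 0  States: 0 ]'

# Demo on the sample: prints the rule numbers that share the tracker.
printf '%s\n' "$SAMPLE" | rule_ids_for_tracker 1700000001
```

Because a tracker can map to more than one pf rule number, each number printed has to be entered separately in the Rule ID filter to see all states created by that GUI rule.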