FW log "Act" info sometimes incorrect



  • When I press the 'Act' indicator for an entry in the firewall log - System Logs: Firewall, many entries gives incorrect info back - but not all. Since I have pretty descriptive names on my FW rules I can quite easily recognize many of them even if the pf stuff is somewhat cryptic.

    At first I was really confused, I have a few test rules, one is to log allowed access to www from one interface and when looking at what triggered that log entry it gave me the response that it was a rule from another interface!

    Can someone tell me if there could be an issue here or if I'm misunderstanding something or what.

    One reason I ask is my somewhat random problems with some packages, imspector, captive portal etc.  I'm trying to figure out whether I should perform a fresh install or not I guess.

    Cheers,


  • Rebel Alliance Developer Netgate

    The rules are, unfortunately (for this task), dynamic, and the only way to match is line number, which isn't static due to this fact.

    If something adds a rule, that would make the rest of the rule entries off by one or more. At the time it was logged, a rule could have been (for example) @37, but if something adds or removes a rule higher in the list, it could later be @42 or @35, etc.



  • Ok, good, sort of, it doesn't indicate any problems in itself then.

    Thanx,


Locked