Firewall logs out of sync after a rules update
-
I just wanted to report a bug.
If you are reviewing the firewall log and see blocked IPs with the wrong rule shown as the one that triggered the block, it is because during a filter update (such as changing a rule) it seems to need to resync the messages with the blocked IP list, and they can be shifted up. For a few seconds the log will have N/A, then if you refresh the screen the log messages will reappear and the log will not match the messages anymore.
Clearing the log and watching new blocks come in will be correct.
-
Yes, this is a known "feature". The rule number to description lookup uses the current rule list, but if it is an old log entry then the rule number in that log entry can (and often will) match to a different rule in the current set, particularly when rule/s have been added or deleted. There is no code to remember old rule sets and match up old log entries with the old rule set.
-
We are tinkering with a way to have a consistent static rule ID to let us match things up better over time. It might make 2.2 if all goes well.
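
The mismatch described in the replies above, as an added example that is not part of the thread and not the firewall's own code: a log entry resolved by rule position against the current rule list, next to the same entry resolved by a stable per-rule ID. The `static_id` field, the function names, the rule descriptions, the sample IP and the use of "N/A" for a missing rule are all assumptions made for illustration.

```python
# Added illustration; all names and sample data are constructed.
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class Rule:
    static_id: int      # hypothetical stable ID, assigned once when the rule is created
    description: str

_ids = count(1000)

def make_rule(description):
    return Rule(next(_ids), description)

def log_block(ruleset, rule, src_ip):
    """Record a block with both identifiers: list position and static ID."""
    return {"src": src_ip,
            "rule_number": ruleset.index(rule),
            "static_id": rule.static_id}

def describe_by_number(entry, current_rules):
    """Positional lookup against the *current* rule list."""
    n = entry["rule_number"]
    return current_rules[n].description if n < len(current_rules) else "N/A"

def describe_by_static_id(entry, current_rules):
    """Lookup by stable ID: the right rule, or N/A once that rule is gone."""
    by_id = {r.static_id: r.description for r in current_rules}
    return by_id.get(entry["static_id"], "N/A")

def demo():
    old_rules = [make_rule("Block bogons"),
                 make_rule("Block SSH from WAN"),
                 make_rule("Default deny")]
    entry = log_block(old_rules, old_rules[1], "203.0.113.7")  # constructed entry
    # Rules update 1: a rule is added at the top, shifting every position by one.
    new_rules = [make_rule("Block RFC1918 on WAN")] + old_rules
    shifted = (describe_by_number(entry, new_rules),
               describe_by_static_id(entry, new_rules))
    # Rules update 2: the rule that produced the entry is deleted.
    pruned = [r for r in new_rules if r.description != "Block SSH from WAN"]
    deleted = (describe_by_number(entry, pruned),
               describe_by_static_id(entry, pruned))
    return shifted, deleted

if __name__ == "__main__":
    print(demo())
```

When auditing old block entries on a system that resolves by position, treat the displayed rule as unreliable for any entry older than the last rules change.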