Bug: Floating "Match" rules are showing as "Pass" in the overview



  • Hi All,

    All my floating rules are "Match" rules but they are showing as "Pass" in the GUI overview (see screenshot).
    I had a strange behavior where traffic was allowed that shouldn't be and I found out I accidentally set a floating rule to "pass" instead of "match" and there is no way to see the difference when I view the floating rules tab.

    Unless this is something wrong limited to my pfSense box (I don't expect that) I consider this as a severe bug. In my opinion a ruleset is the most important part of a firewall and should be correctly showing what is going on.

    Thanks,
    Mike


  • Rebel Alliance Developer Netgate

    That's normal; Match does not yet have its own icon.



  • Thanks, I noticed that - that's why I created that post.
    "Match" and "pass" is something completely different. Showing it with the same icon is not a good idea. Is it something that can be fixed directly in PHP? Or would that require some to compile some code?


  • Rebel Alliance Developer Netgate

    More graphic design than anything. There is no icon of another color to use. So someone will have to come up with a new color/icon style to indicate "match" and then add some code to use it on the rules in the PHP page that renders the floating rules.



  • Thank you!
    That was a pretty simple change. Results and icons below. Now "match" rules are no longer shown as "pass". They now have their own icons.

    I use the theme pfsense_ng.
    For those who want to add the functionality these are the simple changes I have done (keep in mind that any updates will likely destroy the functionality and revert back to "match" and "pass" rules both showing as "pass"):

    1. copy icon_match.gif and icon_match_d.gif to /usr/local/www/themes/pfsense_ng/images/icons

    2. Edit /usr/local/www/firewall_rules.php and change the following lines:
    Around line 570 add the two lines marked in red:
    if ($filterent['type'] == "block")
    $iconfn = "block";
    else if ($filterent['type'] == "reject")
    $iconfn = "reject";
    else if ($filterent['type'] == "match")
    $iconfn = "match";
    else
    $iconfn = "pass";

    Around lines 840 add and change the following lines:

    ![pass](./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif)

    ![match](./themes/<?= $g['theme']; ?>/images/icons/icon_match.gif)

    ![block](./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif)

    ![reject](./themes/<?= $g['theme']; ?>/images/icons/icon_reject.gif)

    ![log](./themes/<?= $g['theme']; ?>/images/icons/icon_log.gif)

    ![pass disabled](./themes/<?= $g['theme']; ?>/images/icons/icon_pass_d.gif)

    ![match disabled](./themes/<?= $g['theme']; ?>/images/icons/icon_match_d.gif)

    ![block disabled](./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif)

    ![reject disabled](./themes/<?= $g['theme']; ?>/images/icons/icon_reject_d.gif)

    ![log disabled](./themes/<?= $g['theme']; ?>/images/icons/icon_log_d.gif)





  • Banned

    Good work!



  • @Supermule:

    Good work!

    Thank you!  :)

    Btw, I forgot to mention something. Not sure how copyrights for simple things like icons are treated here and as I am very careful to not violate any copyrights from someone else:
    The two icons are created by myself and they are free to use/distribute/modify/whatever. No copyrights or any other restrictions.


  • Rebel Alliance Developer Netgate

    You should submit that as a pull request on github.  :)



  • @jimp:

    You should submit that as a pull request on github.  :)

    I would… but I have no clue how to do that. I'm even struggling to download sources from Github so certainly I have no idea how to submit a pull request.  :'(





  • @Exolon:

    Pull request #1154
    https://github.com/pfsense/pfsense/pull/1154

    Thank you!!!



  • @ConfusedUser:

    Thank you!
    That was a pretty simple change. Results and icons below. Now "match" rules are no longer shown as "pass". They now have their own icons….

    AWESOME JOB MAN!!!!


Log in to reply