Bug: Floating "Match" rules are showing as "Pass" in the overview

ConfusedUser

Hi All,

All my floating rules are "Match" rules but they are showing as "Pass" in the GUI overview (see screenshot).
I had a strange behavior where traffic was allowed that shouldn't be and I found out I accidentally set a floating rule to "pass" instead of "match" and there is no way to see the difference when I view the floating rules tab.

Unless this is something wrong limited to my pfSense box (I don't expect that) I consider this as a severe bug. In my opinion a ruleset is the most important part of a firewall and should be correctly showing what is going on.

Thanks,
Mike

Clipboard03.jpg_thumb

jimp

That's normal; Match does not yet have its own icon.

ConfusedUser

Thanks, I noticed that - that's why I created that post.
"Match" and "pass" is something completely different. Showing it with the same icon is not a good idea. Is it something that can be fixed directly in PHP? Or would that require some to compile some code?

jimp

More graphic design than anything. There is no icon of another color to use. So someone will have to come up with a new color/icon style to indicate "match" and then add some code to use it on the rules in the PHP page that renders the floating rules.

ConfusedUser

Thank you!
That was a pretty simple change. Results and icons below. Now "match" rules are no longer shown as "pass". They now have their own icons.

I use the theme pfsense_ng.
For those who want to add the functionality these are the simple changes I have done (keep in mind that any updates will likely destroy the functionality and revert back to "match" and "pass" rules both showing as "pass"):

1. copy icon_match.gif and icon_match_d.gif to /usr/local/www/themes/pfsense_ng/images/icons

2. Edit /usr/local/www/firewall_rules.php and change the following lines:
Around line 570 add the two lines marked in red:
if ($filterent['type'] == "block")
$iconfn = "block";
else if ($filterent['type'] == "reject")
$iconfn = "reject";
else if ($filterent['type'] == "match")
$iconfn = "match";
else
$iconfn = "pass";

Around lines 840 add and change the following lines:

![pass](./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif)

![match](./themes/<?= $g['theme']; ?>/images/icons/icon_match.gif)

![block](./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif)

![reject](./themes/<?= $g['theme']; ?>/images/icons/icon_reject.gif)

![log](./themes/<?= $g['theme']; ?>/images/icons/icon_log.gif)

![pass disabled](./themes/<?= $g['theme']; ?>/images/icons/icon_pass_d.gif)

![match disabled](./themes/<?= $g['theme']; ?>/images/icons/icon_match_d.gif)

![block disabled](./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif)

![reject disabled](./themes/<?= $g['theme']; ?>/images/icons/icon_reject_d.gif)

![log disabled](./themes/<?= $g['theme']; ?>/images/icons/icon_log_d.gif)

Clipboard01.jpg_thumb

Supermule

Good work!

ConfusedUser

@Supermule:

Good work!

Thank you! :)

Btw, I forgot to mention something. Not sure how copyrights for simple things like icons are treated here and as I am very careful to not violate any copyrights from someone else:
The two icons are created by myself and they are free to use/distribute/modify/whatever. No copyrights or any other restrictions.

jimp

You should submit that as a pull request on github. :)

ConfusedUser

@jimp:

You should submit that as a pull request on github. :)

I would… but I have no clue how to do that. I'm even struggling to download sources from Github so certainly I have no idea how to submit a pull request. :'(

Exolon

Pull request #1154
https://github.com/pfsense/pfsense/pull/1154

ConfusedUser

@Exolon:

Pull request #1154
https://github.com/pfsense/pfsense/pull/1154

Thank you!!!

router_wang

@ConfusedUser:

Thank you!
That was a pretty simple change. Results and icons below. Now "match" rules are no longer shown as "pass". They now have their own icons….

AWESOME JOB MAN!!!!