Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Bug: Floating "Match" rules are showing as "Pass" in the overview

    Scheduled Pinned Locked Moved Firewalling
    12 Posts 5 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      ConfusedUser
      last edited by

      Hi All,

      All my floating rules are "Match" rules but they are showing as "Pass" in the GUI overview (see screenshot).
      I had a strange behavior where traffic was allowed that shouldn't be and I found out I accidentally set a floating rule to "pass" instead of "match" and there is no way to see the difference when I view the floating rules tab.

      Unless this is something wrong limited to my pfSense box (I don't expect that) I consider this as a severe bug. In my opinion a ruleset is the most important part of a firewall and should be correctly showing what is going on.

      Thanks,
      Mike
      Clipboard03.jpg
      Clipboard03.jpg_thumb

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        That's normal; Match does not yet have its own icon.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • C
          ConfusedUser
          last edited by

          Thanks, I noticed that - that's why I created that post.
          "Match" and "pass" is something completely different. Showing it with the same icon is not a good idea. Is it something that can be fixed directly in PHP? Or would that require some to compile some code?

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            More graphic design than anything. There is no icon of another color to use. So someone will have to come up with a new color/icon style to indicate "match" and then add some code to use it on the rules in the PHP page that renders the floating rules.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • C
              ConfusedUser
              last edited by

              Thank you!
              That was a pretty simple change. Results and icons below. Now "match" rules are no longer shown as "pass". They now have their own icons.

              I use the theme pfsense_ng.
              For those who want to add the functionality these are the simple changes I have done (keep in mind that any updates will likely destroy the functionality and revert back to "match" and "pass" rules both showing as "pass"):

              1. copy icon_match.gif and icon_match_d.gif to /usr/local/www/themes/pfsense_ng/images/icons

              2. Edit /usr/local/www/firewall_rules.php and change the following lines:
              Around line 570 add the two lines marked in red:
              if ($filterent['type'] == "block")
              $iconfn = "block";
              else if ($filterent['type'] == "reject")
              $iconfn = "reject";
              else if ($filterent['type'] == "match")
              $iconfn = "match";
              else
              $iconfn = "pass";

              Around lines 840 add and change the following lines:

              ![pass](./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif)

              ![match](./themes/<?= $g['theme']; ?>/images/icons/icon_match.gif)

              ![block](./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif)

              ![reject](./themes/<?= $g['theme']; ?>/images/icons/icon_reject.gif)

              ![log](./themes/<?= $g['theme']; ?>/images/icons/icon_log.gif)

              ![pass disabled](./themes/<?= $g['theme']; ?>/images/icons/icon_pass_d.gif)

              ![match disabled](./themes/<?= $g['theme']; ?>/images/icons/icon_match_d.gif)

              ![block disabled](./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif)

              ![reject disabled](./themes/<?= $g['theme']; ?>/images/icons/icon_reject_d.gif)

              ![log disabled](./themes/<?= $g['theme']; ?>/images/icons/icon_log_d.gif)

              Clipboard01.jpg
              Clipboard01.jpg_thumb
              icon_match.gif
              icon_match_d.gif

              1 Reply Last reply Reply Quote 0
              • S
                Supermule Banned
                last edited by

                Good work!

                1 Reply Last reply Reply Quote 0
                • C
                  ConfusedUser
                  last edited by

                  @Supermule:

                  Good work!

                  Thank you!  :)

                  Btw, I forgot to mention something. Not sure how copyrights for simple things like icons are treated here and as I am very careful to not violate any copyrights from someone else:
                  The two icons are created by myself and they are free to use/distribute/modify/whatever. No copyrights or any other restrictions.

                  1 Reply Last reply Reply Quote 0
                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    You should submit that as a pull request on github.  :)

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • C
                      ConfusedUser
                      last edited by

                      @jimp:

                      You should submit that as a pull request on github.  :)

                      I would… but I have no clue how to do that. I'm even struggling to download sources from Github so certainly I have no idea how to submit a pull request.  :'(

                      1 Reply Last reply Reply Quote 0
                      • ExolonE
                        Exolon
                        last edited by

                        Pull request #1154
                        https://github.com/pfsense/pfsense/pull/1154

                        1 Reply Last reply Reply Quote 0
                        • C
                          ConfusedUser
                          last edited by

                          @Exolon:

                          Pull request #1154
                          https://github.com/pfsense/pfsense/pull/1154

                          Thank you!!!

                          1 Reply Last reply Reply Quote 0
                          • R
                            router_wang
                            last edited by

                            @ConfusedUser:

                            Thank you!
                            That was a pretty simple change. Results and icons below. Now "match" rules are no longer shown as "pass". They now have their own icons….

                            AWESOME JOB MAN!!!!

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.