Issues / Complaints with firewall log display



  • Hi,

    I've noticed several issues with the firewall log displays in pfSense. Some are regressions, I believe, while some are marked WONTFIX and I take issue with that. Below are my findings.

    Regression 2.1 RC0 -> 2.1.3: Firewall logs don't show names of rules

    I just upgraded, and the firewall names (sometimes useless though they are, see below) have disappeared. Now, only the interface is shown in the log.

    Bug: Reject rules show up in the logs with the red "block" symbol

    I believe traffic triggered by reject rules should have the yellow X beside them to better indicate the action taken.

    Feature request: Make the firewall log rule names consistent

    When security policy changes in the pfSense firewall, the log information on the rule name shifts, giving inaccurate information. I have seen several posts suggesting that this is a WONTFIX, and that's just the nature of the pf firewall logs. Is this a deficiency in pfSense, or pf? Every professional firewall vendor has consistent logs regarding the rule that triggered an event. From a security and investigative perspective, a firewall log that contains inconsistent data is useless. Do I need a plugin? Is there any way to resolve this?


  • Rebel Alliance Developer Netgate

    @txadmin:

    Regression 2.1 RC0 -> 2.1.3: Firewall logs don't show names of rules

    That is an option in the system log settings. They can be configured to show as their own column, their own row, or not at all. Your old snapshot may have been before it was moved to its own option.

    @txadmin:

    Bug: Reject rules show up in the logs with the red "block" symbol

    That's how pf logs them, nothing we can do about that.

    @txadmin:

    Feature request: Make the firewall log rule names consistent

    We are doing this on 2.2: each rule is getting its own tracking ID that won't change. This is already done in 2.2 and should be working now.

