Firewall logs: rule number corresponsing to rule name

bradvido · Jun 30, 2014, 9:50 PM

I have multiple firewall rules set up to log to a syslog server. This works great, but the raw log has a rule number in it, e.g. 103/0. I can't figure out how to map the rule number back to the rules I see in the PFsense Web GUI.

Thanks for any help.

jimp · Jul 1, 2014, 3:44 PM

On pfSense to get those rule numbers you need to run "pfctl -vvsr" from the shell or Diagnostics > Command.

Be careful, though. The numbers can change. At least until 2.2 where there is a static tracker id.

bradvido · Jul 8, 2014, 9:47 PM

Thanks for the tip. That works from the shell.
Is there any way to see the rule numbers in the configurator web gui?

jimp · Jul 9, 2014, 12:28 AM

From the firewall log, click the action icon on a log entry and it shows you the corresponding rule.

Or from Diagnostics > Command you can run the pfctl command to get the whole output.