Purpose of tracker on pfsense config rules
ltctech last edited by
I sometimes manually edit pfsense xml config files directly as it is much quicker than doing so via GUI. I noticed that new config file rules have something called tracker, which is essentially a unix time stamp. Where is this used, does it have to be unique, does it determine rule order?
The NAT rules have something called associated-rule-id, which is just a PHP uniqid, and it has to match the associated rules, so it's obvious what that does.
cmb last edited by
It's put into the ruleset for log identification purposes. Only the rule number as configured in the running ruleset was logged by pf previously, and that isn't a static number. So if you made significant enough changes to your rules and/or NAT, then go to the firewall log, it'd tell you the wrong rule or be unable to find a matching rule.
Check the code in /etc/inc/filter.inc to ensure you're properly generating that for rules. There's a function there you could use or adapt.
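For anyone hand-editing config.xml the way the question describes, a small sanity check before reloading can catch the two bookkeeping mistakes this thread touches on: filter rules with a missing or duplicated tracker (which defeats the log identification cmb describes) and a NAT rule whose associated-rule-id has no matching filter rule. The script below is an added example, not pfSense code and not something from the posters; the XML sample is constructed here, and the element layout (`filter/rule/tracker`, `nat/rule/associated-rule-id`) is an assumption about the file format based on this thread, so verify it against a real export and /etc/inc/filter.inc before relying on it. It treats a duplicate tracker as a finding on the grounds that two rules sharing one identifier cannot be told apart in the log, which is a choice of this example rather than a rule stated in the thread.

```python
import time
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample resembling the parts of a pfSense config.xml discussed in the
# thread. Element names are assumptions; the values are made up for this example.
SAMPLE_CONFIG = """<pfsense>
  <filter>
    <rule>
      <tracker>1700000001</tracker>
      <type>pass</type>
      <interface>wan</interface>
      <descr>hand-added rule with tracker</descr>
    </rule>
    <rule>
      <tracker>1700000001</tracker>
      <type>pass</type>
      <interface>lan</interface>
      <descr>duplicate tracker (copy-pasted)</descr>
    </rule>
    <rule>
      <type>block</type>
      <interface>wan</interface>
      <descr>hand-added rule missing tracker</descr>
    </rule>
    <rule>
      <tracker>1700000005</tracker>
      <type>pass</type>
      <interface>wan</interface>
      <associated-rule-id>nat_5f3a1b2c3d4e5</associated-rule-id>
      <descr>NAT-linked filter rule</descr>
    </rule>
  </filter>
  <nat>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <target>192.0.2.10</target>
      <associated-rule-id>nat_5f3a1b2c3d4e5</associated-rule-id>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <target>192.0.2.11</target>
      <associated-rule-id>nat_0000000000000</associated-rule-id>
    </rule>
  </nat>
</pfsense>
"""


def check_config(xml_text):
    """Return a list of (kind, detail) findings about rule bookkeeping.

    kinds: missing-tracker, bad-tracker, duplicate-tracker, orphan-nat-link
    """
    root = ET.fromstring(xml_text)
    findings = []
    trackers = []

    # Every filter rule should carry a numeric tracker so pf log entries can be
    # mapped back to the rule even after the ruleset is reordered.
    for idx, rule in enumerate(root.findall("./filter/rule")):
        descr = rule.findtext("descr", default=f"filter rule #{idx}")
        tracker = rule.findtext("tracker")
        if not tracker:
            findings.append(("missing-tracker", descr))
        elif not tracker.isdigit():
            findings.append(("bad-tracker", descr))
        else:
            trackers.append(tracker)

    # A tracker shared by two rules cannot identify either one in the log.
    for tracker, count in Counter(trackers).items():
        if count > 1:
            findings.append(("duplicate-tracker", tracker))

    # Each NAT rule's associated-rule-id must be present on some filter rule.
    filter_ids = {r.findtext("associated-rule-id")
                  for r in root.findall("./filter/rule")} - {None}
    for nat in root.findall("./nat/rule"):
        rid = nat.findtext("associated-rule-id")
        if rid and rid not in filter_ids:
            findings.append(("orphan-nat-link", rid))

    return findings


def next_tracker(existing, now=None):
    """Pick a tracker for a new hand-added rule: the current unix time, bumped
    past any value already in use so it stays unique (example policy, not
    pfSense's own generator; see filter.inc for that)."""
    t = int(now if now is not None else time.time())
    used = {int(x) for x in existing if str(x).isdigit()}
    while t in used:
        t += 1
    return t


if __name__ == "__main__":
    for kind, detail in check_config(SAMPLE_CONFIG):
        print(f"{kind}: {detail}")
    print("suggested tracker:", next_tracker(["1700000001", "1700000005"]))
```

Run it against a copy of the real config.xml by replacing `SAMPLE_CONFIG` with the file contents; anything it reports is worth fixing before the ruleset is reloaded, since the log lookup cmb mentions depends on the tracker values being present and distinct.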