Status>System logs>Firewall

biggsy

Just a couple of ideas:

• Could the source and destination ports could be broken out into separate columns without too much work?

• Perhaps the Action column labels could be changed to past tense (e.g., "Blocked" vs "Block").

heper

dot a) looks easy enough todo. adding 2 extra columns will change the spacing them … not sure if it'll help for readability.      <--- will give it a try and post some screenshots
dot b) thanks

heper

personally i don't like it very much. what do you & others think?

doktornotor

Shrug.

• The ports stuff needs to drop the :s
• Source-port -> Src. Port; Destination-port -> Dst. Port (just wasting space with the column width)
• The filter should be shrinked back to two rows as it was and grow itself a "hide" feature… Waste of screen estate.
• Needs some colors for Blocked/Rejected vs. Pass at least. (Is the text really even needed there?)

heper

@doktornotor:

Shrug.

• The ports stuff needs to drop the :s
• Source-port -> Src. Port; Destination-port -> Dst. Port (just wasting space with the column width)
• The filter should be shrinked back to two rows as it was and grow itself a "hide" feature… Waste of screen estate.
• Needs some colors for Blocked/Rejected vs. Pass at least. (Is the text really even needed there?)

-i know about the ":" issue. the get_port_with_service() returns with ":" … didn't bother to go look for that function at this stage

• gotcha
• perhaps, not my call
• one could implement the same icons as shown in firewall_rules.php (they still don't have colors)

heper

i've stepped away from splitting the ports from the ip's.
==> there is a  inside the that is used to for reverse-dns-lookup. its called by ajax stuff i don't understand  ;  anyway, it makes it impossible to get the src/dst-port columns anywhere near to source/destination columns.

so i only fixed the "blocked" thing. it orginally also showed 'blocked' on a PASS log ;)
if anyone has some good idea's to further improve/adjust, let me know.

Donny

@heper:

i've stepped away from splitting the ports from the ip's.
==> there is a  inside the that is used to for reverse-dns-lookup. its called by ajax stuff i don't understand  ;  anyway, it makes it impossible to get the src/dst-port columns anywhere near to source/destination columns.

so i only fixed the "blocked" thing. it orginally also showed 'blocked' on a PASS log ;)
if anyone has some good idea's to further improve/adjust, let me know.

Look better now but my suggest is the action should be change to icon (if it possible if not it is ok) and Source-port and  Destination-port should put its back
then the "Source-port change to Src. Port" and "Destination-port  change to Dest. Port" It is look more attractive and clearly. see my picture

Donny


heper

what do you mean by this? they are icons already? icons can be changed ofcourse, but i prefer them to be the same as the ones used in firewall_rules.php

but my suggest is the action should be change to icon

about the dest.port/src.port:

i've stepped away from splitting the ports from the ip's.
==> there is a  inside the that is used to for reverse-dns-lookup. its called by ajax stuff i don't understand  ;  anyway, it makes it impossible to get the src/dst-port columns anywhere near to source/destination columns.

if you have a way to get them close together, then i can try again

Donny

@heper:

what do you mean by this? they are icons already? icons can be changed ofcourse, but i prefer them to be the same as the ones used in firewall_rules.php

but my suggest is the action should be change to icon

about the dest.port/src.port:

i've stepped away from splitting the ports from the ip's.
==> there is a  inside the that is used to for reverse-dns-lookup. its called by ajax stuff i don't understand  ;  anyway, it makes it impossible to get the src/dst-port columns anywhere near to source/destination columns.

if you have a way to get them close together, then i can try again

at Act : "block" and "pass" should be change to icon that it used with Firewall. You can also use only word "Block" and "Pass"
and change them to the color "Green for pass" and Red for Block" without to use the button or icon.

biggsy

Thanks for trying, heper.

I'd still prefer to see the port numbers in a separate column but only if it's not going to cause a lot of work.

Icon or text work for me.

Only as a matter of interest, is there a way to distinguish between between drop and reject?

phil.davis

Only as a matter of interest, is there a way to distinguish between between drop and reject?

Yes, there is. While looking at this stuff on 2.3-ALPHA I noticed that the Firewall Log Display is currently hard-coded to always put "Block" as the text in the button.
Step 1: That should be fixed so it says "Pass" or "Block" as appropriate.
Step 2: Make it use icons instead of words. Use the same icons for "pass", "block", "reject" as are used on the firewall rules display.

Then I went to a 2.2.4 and 2.2.5 system to see how it behaved. It always showed the "blocked" icon. The "reject" icon was never displayed - not in 2.2.* and not in 2.3.

So I fixed all that in RELENG_2_2 - https://github.com/pfsense/pfsense/pull/2012 - hopefully that can make it into 2.2.5

For 2.3 then,

Step 3: Make the corresponding fixes from https://github.com/pfsense/pfsense/pull/2012 RELENG_2_2 in master for 2.3

heper

@phil.davis step1 & 2 are done,
do you want to handle handle step 3 ?

https://github.com/pfsense/pfsense/pull/2013

phil.davis

@heper:

@phil.davis step1 & 2 are done,
do you want to handle handle step 3 ?

https://github.com/pfsense/pfsense/pull/2013

Yep, I will wait until PR 2012 and 2013 have been reviewed and the final changes committed to the respective branches. Then I will sort out what from PR 2012 in RELENG_2_2 needs to be also done in master.

Note: This is all "bug" stuff that needs to be sorted out regardless. After that there is then the suggestions about the UI layout that are the original topic of this thread.

Steve_B

Replacing those glyphicons which fount-awesome icons ( https://fortawesome.github.io/Font-Awesome/icons/ ) do you think make sense for:

• Click to resolve

• Easyrule: add to block list

• Easyrule: pass this traffic

?

fa-info
fa-minus-square-o
fa-plus-square-o

perhaps?

So many choices  :)

I have pushed a change that incorporates these choices as a reference.

heper

@Steve_B:

• Easyrule: add to block list

• Easyrule: pass this traffic

fa-minus-square-o
fa-plus-square-o

perhaps?

personally  "-" & "+"  reminds me of, adding & removing. while in this case, both add a rule (one to block, the other to pass).
so maybe we can make both of them a "+", but use the css  color scheme?  (green=pass , red=block)

or

use different icons altogether perhaps: fa-lock / fa-unlock ?

divsys

Given that icon set, might I suggest using the "hand" series such as:

block:    hand-paper-o or hand-rock-o
reject:  thumbs-o-down
pass:    thumbs-o-up

The addition of colour (red for block and reject, green for pass) would go a long way to adding clarity IMO.

That might give us a consistent and hopefully intuitive way of representing the dual -ve conditions for processing packets.

Steve_B

We need to accommodate those who do not see colors clearly. Lock/unlock might work.

Donny

Hello, I like firewall log entries layout from the picture here under more than now. For the firewall log layout now at the "Act" column should be on the left side and not right side,  It is look conflicting.
Icons X in the Act column look not attractive. My suggestion is: It is possible to use another icon or icon like firewall. When I point to an icon information and icon + the arrow pointer is disappear.

Donny

divsys

We need to accommodate those who do not see colors clearly.

How about simply use Black on White for +ve and White on Black for -ve (or vice versa as consensus desires)?
I'm suggesting color or contrast (in this case) clues to be used in addition to icon clues.

BBcan177

Instead of defining 'icon-danger' and 'icon-success', why not just 'green' and 'red' so those css settings can be used in other places.