Author Topic: Bug Report - Filtered Firewall Log (Read 136 times)

JonH · « **on:** December 29, 2017, 03:16:40 pm »

Using 2.4.2-RELEASE-p1 (amd64) on SG-2440
I believe following is a bug, if not my apologies:
Filter firewall log by source port 67 returns all entries that contain '67' within the port number.
That is, it will return port 18679 instead of only 67. I think this worked correctly in earlier versions of pfSense.
Attached screenshot:

strangegopher · « **Reply #1 on:** December 29, 2017, 03:47:14 pm »

Post bugs here: https://redmine.pfsense.org/projects/pfsense/issues/new

BBcan177 · « **Reply #2 on:** December 29, 2017, 03:49:51 pm »

It's not a bug. The filter uses regex.

Example to match only "67":

"^67" starts with 67
"^67$" starts and ends with only 67

johnpoz · « **Reply #3 on:** December 29, 2017, 04:19:08 pm »

You need to understand how to use regex

I only do logs of SYN packets so missing a lot of noise.. But here is example of proper use of regex.. So when I just put in 23 it going to match pretty much anything that has 23 in it.. 2323, 5623, 1423, etc. etc..

First image.. If use the correct regex for what exactly I want - just port 23.. nothing more nothing less with ^23$ then that is all you get.. See in first post there were 3 hits with hit before at 15:19:49 and hit after at 15:13:33 now in second sniff those are missing..

JonH · « **Reply #4 on:** December 29, 2017, 04:35:26 pm »

> nothing more nothing less with ^23$ then that is all you get

Thanks All. I don't recall (but my memory is getting worse) this was necessary in earlier version.
But now that I know I'm all set.

Author Topic: Bug Report - Filtered Firewall Log (Read 136 times)

JonH

Bug Report - Filtered Firewall Log

strangegopher

Re: Bug Report - Filtered Firewall Log

BBcan177

Re: Bug Report - Filtered Firewall Log

johnpoz

Re: Bug Report - Filtered Firewall Log

JonH

Re: Bug Report - Filtered Firewall Log