I first noticed this issue in 21.1.6 (just migrated to it from pfSense 10 days ago), where sometimes when looking at the Live View and applying several filters, the labels applied to the log entries do not match at all. Somehow labels from unrelated rules are randomly applied. In some cases multiple entries of the same rule are displayed with different labels. Sometimes they do not even match the type of rule (Block labels for allow rules and vice versa).
I was hoping this was fixed in 21.1.7 when I saw "firewall: let live log use the newly provided rule log label instead of guessing it" in the change log. Unfortunately the issue is still present.
I have 2 OPNsense, one physical and one VM and both exhibit this behavior.
If you change your rules around and then look at historical data I find this happens, but any new entries in the log are fine until you change rules around again. I just avoid making many changes when needing to use the logs so this does not happen.
No, I did not change the label on existing rules. As I mentioned, sometimes multiple consecutive entries for the same rule get 2 different labels (both wrong). Other times block rules get labels from allow rules. It seems to me it's somewhat random.
I'll post a screenshot next time I come across it.
It would have been nicer to start with the screenshots and actual data from the firewall log (plain).
If the labels are being provided to the log they will be used. They can't be wrong anymore. It's just not technically possible if all preconditions are met.
Cheers,
Franco
I meant if the order of rules changes, not if you change the description. Just saying.
It happened right after the reboot to upgrade to 21.1.7, so maybe they were old mislabeled entries. It hasn't happened since then. I'll keep the live log open for the rest of the day and play with filters. If it happens again I'll grab screenshots and plain view. Thanks.