Hello!
With latest release I noticed that all logs about block-rules are doubled and appear twice on the live-view and also in the plain-view. Anyone any idea why this can happen in general (without the need to post my complete config ;))? Pass-rules btw are logged fine, without creating duplicates.
Br Werner
I'm seeing the same issue on 24.7.7.
Moved to the latest development release to see if that helped but did not so now back on 24.7.7 with duplicate blocks.
I'm glad it isn't only me!
very nice - thx for sharing!
now i can stop trying to find some misconfiguration on my side... ;D
Hello!
thank you very much for sharing. I thought i had an misconfiguration. My OPNsense is running on version 24.7.11_2 and it's the same issue. Hope an update will fix this soon. Or does anybody know how to fix it?
Best regards
Andy
Well I'll be damned. I didn't notice that at all. Go figure. I'll dig around a bit and see if I can see this on github. Y'all may want to do the same, and post if you find something or open a bug.
24.7.6/24.10 BE duplicate filterlog entries (https://forum.opnsense.org/index.php?topic=43493.0)
Thank you. I think this is the same bug you've posted. I will check the doubled logs after the next updates. Hope it will be fixed.
I wouldn't bet on that. Franco said it'd require a rework of pf's logging - not a small task, and (unless the existing behavior is preserved as default) a potential political PITA. And to avoid breaking folks' UI familiarity and log parsers, the default logging would really have to remain... the default.
That being said, more complete session logging would be nice... Heh.
Just a note on wacky logs: Multicast packets entering bridge member interfaces that hit block rules are logged six times, e.g. (one packet):
vlan106 in 2025-01-20T18:24:48-06:00 172.22.77.161:138 172.22.77.255:138 udp Default deny / state violation rule
vlan106 in 2025-01-20T18:24:48-06:00 172.22.77.161:138 172.22.77.255:138 udp Default deny / state violation rule
GUEST in 2025-01-20T18:24:48-06:00 172.22.77.161:138 172.22.77.255:138 udp GUEST: Reject Windows from any to any
GUEST in 2025-01-20T18:24:48-06:00 172.22.77.161:138 172.22.77.255:138 udp GUEST: Reject Windows from any to any
GUEST in 2025-01-20T18:24:48-06:00 172.22.77.161:138 172.22.77.255:138 udp GUEST: Reject Windows from any to any
GUEST in 2025-01-20T18:24:48-06:00 172.22.77.161:138 172.22.77.255:138 udp GUEST: Reject Windows from any to any
Ones that hit pass rules are logged correctly. Both cases are actually handled correctly (packets are either blocked or forwarded to other bridge members). Yes, I tested them with both physical and VLAN interfaces. I originally thought I'd run into another entrance interface mapping error, but no, it's just cosmetic. Oh, and I found out that Linksys WRT1900AC factory firmware is stupidly chatty, making it an excellent test article - plug it in and off it goes.