Firewall Live View no longer tags Outbound NAT as rdr since 24.7.6

Started by MrBlack, October 11, 2024, 04:09:28 AM

I did a quick upgrade to 24.7.6 in order to install some plugins. Upon looking at my Firewall Live View, I noticed a bunch of rule entries that were missing a description. After looking at the pattern of traffic, I realized that they were the NAT redirection entries that were no longer highlighted gold, nor tagged as Automatic Outbound NAT traffic, also breaking Action filters.


I'm not sure if this is related to the recent commit for pflog: pass the action to pflog directly: https://github.com/opnsense/src/commit/18af3384cc5f0f02266d67674e860509828bf44a

I'm going to try to downgrade my kernel to 24.7.5 and see if NAT rdr highlighting returns.

EDIT: NAT traffic is still not tagged or highlighted gold after downgrading kernel to 24.7.5_4

I updated my system this morning and can confirm this is happening on my end too.

If NAT logging broke it was in 24.7 with FreeBSD 14.1. There are enough upstream changes that clearly degrade the behaviour of pflog.

The particular change in 24.7.6 just unbreaks two spots (one for IPv4 and one for IPv6), but the change is also not 100% correct in all cases.

I can assure you OpenBSD also has a lack of visibility / reliability in that area. We have had multiple fixes forwarded to both projects so far. ;)


Cheers,
Franco

I think what is happening is that NAT redirects are no longer being tagged with an action of RDR. I see them in my logs but they have an action of Pass. I checked my logs and the last day I had an RDR action was on October 8, the day before 10.7.6 was released.