Incorrect rule labels assigned in firewall live view (24.10_7 & 24.7.7)

guenti_r · October 25, 2024, 10:13:35 AM

Since upgrade to OPNsense 24.10_7-amd64 Business Edition, the labels in the firewall live view are completely wrong. Is there any known issue?

Hopefully this is only a display issue?

EDIT: issue persists also on community edition 24.7.7

Seimus · October 25, 2024, 10:34:20 AM

By labels you mean the descriptions used by rules?
And what do you mean wrong? How they are wrong?

Regards,
S.

guenti_r · October 25, 2024, 10:40:41 AM

Quote from: Seimus on October 25, 2024, 10:34:20 AM
By labels you mean the descriptions used by rules?
And what do you mean wrong? How they are wrong?

Yes, the description and if it is blocked or not, completely wrong.
For example, i have a rule that should allow something (with description/label), the firewall live view shows a wrong (other) rule and blocked instead of allowed, and vice versa.

Hopefully this is only a display-issue. This is a OPNsense-HA-Cluster in a datacenter, so when I saw that, I had a heart attack first.

We have alot of OPNsense´s out there, that´s the first time i saw this.

Seimus · October 25, 2024, 11:04:59 AM

Hm similar issues I have seen, when configuring new rules and reordering them.

Usually clearing state table helps (keep in mind this is disrupting).

Regards,
S.

guenti_r · October 25, 2024, 11:28:43 AM

Does not help, also after rebooting, issue persists.

Just for info, this issue also persists in the community edition OPNsense 24.7.7-amd64

Seimus · October 25, 2024, 12:04:11 PM

I just checked this on my unit CE 24.7.7 and I don't see this behavior.

Regards,
S.

guenti_r · October 25, 2024, 12:14:54 PM

Quote from: Seimus on October 25, 2024, 12:04:11 PM
I just checked this on my unit CE 24.7.7 and I don't see this behavior.

Thanks for the info.
I checked this on a few firewalls, the problem exists everywhere.
I think this issue belongs to the auto-generated rules.

chemlud · October 25, 2024, 12:28:56 PM

no such issue on 24.7.7 here. Changed rules recently?

guenti_r · October 25, 2024, 12:35:26 PM

Quote from: chemlud on October 25, 2024, 12:28:56 PM
no such issue on 24.7.7 here. Changed rules recently?

No, only updating OPNsense. Also found it in CE 24.7.6.
To be sure, logging for these rules must be enabled.
And yes, some portforwarding is also required.

guenti_r · October 25, 2024, 12:52:31 PM

Screenshot here (just one example),
This is a NAT Rule for incoming HTTPS-Traffic to an internal reverse proxy.
This rule is labelled as "Allow Proxy external HTTPS Access".

But instead it shows a completely wrong label.

guenti_r · October 25, 2024, 01:09:42 PM

Just another nonsense, similar rule.

guenti_r · October 29, 2024, 12:15:32 PM

It turned out that the auto-generated rules cause this issue.
Hopefully it will fixed soon.

guenti_r · October 30, 2024, 10:36:00 AM

deleted

Incorrect rule labels assigned in firewall live view (24.10_7 & 24.7.7)

guenti_r

October 25, 2024, 10:13:35 AM Last Edit: October 30, 2024, 10:38:02 AM by guenti_r

Seimus

October 25, 2024, 10:34:20 AM #1

guenti_r

October 25, 2024, 10:40:41 AM #2 Last Edit: October 25, 2024, 10:46:34 AM by guenti_r

Seimus

October 25, 2024, 11:04:59 AM #3

guenti_r

October 25, 2024, 11:28:43 AM #4 Last Edit: October 25, 2024, 11:37:03 AM by guenti_r

Seimus

October 25, 2024, 12:04:11 PM #5

guenti_r

October 25, 2024, 12:14:54 PM #6

chemlud

October 25, 2024, 12:28:56 PM #7

guenti_r

October 25, 2024, 12:35:26 PM #8 Last Edit: October 25, 2024, 12:44:02 PM by guenti_r

guenti_r

October 25, 2024, 12:52:31 PM #9

guenti_r

October 25, 2024, 01:09:42 PM #10

guenti_r

October 29, 2024, 12:15:32 PM #11 Last Edit: October 29, 2024, 12:17:31 PM by guenti_r

guenti_r

October 30, 2024, 10:36:00 AM #12 Last Edit: October 30, 2024, 10:37:51 AM by guenti_r