Replies: 2 comments 4 replies
-
@n4rkip0d - I agree! @ShagoY was the creator of these scripts...hopefully he can update. It's on my list but it'll have to wait until I have more time. |
Beta Was this translation helpful? Give feedback.
3 replies
-
Hello @a3ilson I talked with a colleague and he is a regex expert and find the right regex to list all UUID rules (tracking ID) instead of the ruleset. Here's:
|
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello @a3ilson
I have one question/idea about the firewall rules, last year I opened an issue but that was not an issue.
1. 35-rules-desc.conf
Can we change the behaviour to lookup for firewall rules UUID (tracker ID) instead of rules ruleset (Rule Number) ?
pfsense doc raw filter
--> I noticed the rule tacking number is random and not associated to a specific rule but associated to different rules depending of how is read the rules.
The rule UUID is associated to one specific rules and is never associated to another rule.
I tried to to modify your pfctl command, in order to extract rule descriptions with associated uuid number of the rule (and not tracking number) but I did not succeeded
Original command:
pfctl -vv -sr | grep label | sed -r 's/@([[:digit:]]+).*(label "|label "USER_RULE: )(.*)".*/"\1","\3"/g' | sort -V -u | awk 'NR==1{$0="\"Rule\",\"Label\""RS$0}7'
It will look like this for the
rule-names.csv
fileIf you have some time, it will simplify everything and will not false the logs in ELK.
Thank you !!
Beta Was this translation helpful? Give feedback.
All reactions