Issue Description
Long firewall ruleset names are truncated to 15 characters in logs, which causes log filtering issues.
When a ruleset has a long name:
- Attempting to filter logs using its full name returns empty output
- If the name is shortened to 15 characters by an experienced user, filtering works as expected
Example
16-character firewall chain name:
$ show firewall ipv4 name fwd-from-vlan-2502 Ruleset Information --------------------------------- ipv4 Firewall "name fwd-from-vlan-2502" Rule Action Protocol Packets Bytes Conditions ------- -------- ---------- --------- ------- -------------------------------------------------------------------------------------------- 10 jump all 393 20918 jump NAME_meta-100-FWD-from-vlan-basic 3000 reject all 0 0 ip daddr @FQDN_name_fwd-from-vlan-2502_3000_d prefix "[ipv4-NAM-fwd-from-vlan-2502-3000-R]" 3001 reject all 0 0 ip daddr 1.1.1.1 5000 jump all 3 156 jump NAME_permit-internet-access default drop all 0 0
Filtering logs using full name (fails):
$ show log firewall ipv4 name fwd-to-vlan-2502 $
Filtering logs using shortened name (15 chars, works):
$ show log firewall ipv4 name fwd-to-vlan-250 | strip-private | head -n 1 Jun 05 15:25:57 kernel: [ipv4-NAM-fwd-to-vlan-250-default-D]IN=eth0.2401 OUT=eth0.2502 MAC=xx:xx:xx:xx:xx:8b:xx:xx:xx:xx:xx:87:xx:xx:xx:xx:xx:1c SRC=xxx.xxx.24.6 DST=xxx.xxx.25.10 LEN=28 TOS=0x00 PREC=0x00 TTL=41 ID=3904 PROTO=ICMP TYPE=8 CODE=0 ID=18293 SEQ=0
Possible Solutions
I think the best approach is not to completely solve the problem (as the solution might be complex and introduce drawbacks for users), but rather implement workarounds:
- Show a warning when a user tries to commit a configuration with a long ruleset name
- Show a warning when a user attempts to filter logs using a long ruleset name
- Internally shorten the log name provided by the user to ensure log filtering produces output