Netgate Discussion Forum

    What is rule 4294967295 ?

    Firewalling
    7 Posts 6 Posters 319 Views
    johndoe102

      Hello everybody,

      I recently updated my Netgate 4200 with pf+ to 25.11-RELEASE.

      When I check the Firewall System Logs, there are many blocked actions for rule 4294967295.

      There are blocked firewall entries for some of the defined VLANs ... not all VLANs.
      I couldn't find any firewall rule with this ID.

      Can anybody explain to me what this rule is?

      Screenshot From 2026-01-09 00-21-33.png

      Thank you
      Tom

      johnpoz LAYER 8 Global Moderator @johndoe102

        @johndoe102 there was this

        https://redmine.pfsense.org/issues/12872

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.11.1 | Lab VMs 2.8.1, 25.11.1

        johndoe102 @johndoe102

          @johnpoz
          FYI. I think I have found the reason for it (not a fix 🙂 )

          I did the following:

          1. Roll back using Boot Environments to an earlier known good state (Release 25.07.1)
          2. Clear all System Log Files.
          3. Reboot -> Firewall Logs is empty ... no strange entries with rule 4294967295 👌
          4. Install Release 25.11
          5. Clear all System Log Files.
          6. Reboot -> Firewall Logs contains strange entries, but without any rule ID 😠
            Screenshot From 2026-01-09 12-01-20.png
          7. Apply following patches:
            Screenshot From 2026-01-09 12-08-23.png
          8. Clear all System Log Files.
          9. Reboot -> Firewall Logs contains strange entries with rule ID 4294967295 ... and one of the patches, "Fix firewall not matching PF rules with rule number 0", is probably the explanation 🤔
          Bob.Dig LAYER 8 @johndoe102

            I get these (@4294967295) a lot.

            The rule ID shown in the "post-patch" screenshot is the default ID used when a packet is dropped without a matching rule in the ruleset (e.g. due to a short packet error, IP option, etc.).

            Gertjan @johndoe102

              @johndoe102 said in What is rule 4294967295 ?:

              rule 4294967295

              That's $FFFFFFFF. Unsigned, that makes 4294967295.
              If that's a signed int, make that rule number -1, so an error being returned?

              pf is giving up on something?

              No "help me" PM's please. Use the forum, the community will thank you.

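As an added example that is not code from this thread, from pfSense or from pf, the script below ties together Bob.Dig's point that 4294967295 is the ID logged when a packet is dropped without matching any rule in the ruleset and Gertjan's observation that it is 0xFFFFFFFF, i.e. -1 as a signed int. It parses a few constructed filterlog lines in the raw pfSense CSV layout (the field order is assumed from the documented format: rule number, sub-rule, anchor, tracker, interface, reason, action, direction, IP version, then per-family fields), flags entries carrying the all-ones sentinel or rule number 0, and tallies which interface and destination they come from, so the noise can be characterised before deciding whether it is worth suppressing.

```python
"""Triage pfSense filterlog entries whose rule number is not a configured rule.

Added example for this thread; it is not code from the forum posts or from
pfSense/pf. It assumes the raw pfSense filterlog CSV layout (rule-number,
sub-rule-number, anchor, tracker, real-interface, reason, action, direction,
ip-version, then per-address-family fields). The log lines are constructed
for illustration, not captured from a real firewall.
"""
from collections import Counter, defaultdict

# pf reports an all-ones 32-bit rule number when a packet is dropped without
# matching any rule in the loaded ruleset (e.g. short packet, IP option).
NO_RULE_ID = 0xFFFFFFFF  # 4294967295 unsigned


def as_signed32(n):
    """Reinterpret an unsigned 32-bit value as a signed 32-bit int (0xFFFFFFFF -> -1)."""
    n &= 0xFFFFFFFF
    return n - 0x100000000 if n & 0x80000000 else n


# Constructed sample lines in pfSense filterlog CSV format (not real traffic).
SAMPLE_LOG = """\
Jan  9 00:21:33 fw filterlog[12345]: 5,,,1000000103,igc0,match,block,in,4,0x0,,64,1234,0,none,6,tcp,60,203.0.113.9,198.51.100.2,44321,22,0,S,,,,
Jan  9 00:21:34 fw filterlog[12345]: 4294967295,,,4294967295,igc1.30,match,block,in,6,0x00,0x00000,1,Options,0,36,fe80::1,ff02::16
Jan  9 00:21:35 fw filterlog[12345]: 4294967295,,,4294967295,igc1.30,match,block,in,6,0x00,0x00000,1,Options,0,36,fe80::1,ff02::16
Jan  9 00:21:36 fw filterlog[12345]: 0,,,0,igc1.40,match,block,in,4,0x0,,1,0,0,DF,1,icmp,84,192.0.2.5,192.0.2.1,datalength=64
Jan  9 00:21:37 fw filterlog[12345]: 7,,,1000000105,igc0,match,pass,out,4,0x0,,64,9,0,DF,17,udp,76,192.0.2.10,192.0.2.53,51000,53,56
Jan  9 00:21:38 fw sshd[999]: Accepted publickey for admin from 192.0.2.10
"""


def parse_filterlog(line):
    """Return the fields this triage needs, or None if the line is not a filterlog entry."""
    idx = line.find("filterlog[")
    if idx < 0:
        return None
    fields = line[line.index(":", idx) + 1:].strip().split(",")
    if len(fields) < 9:
        return None
    entry = {
        "rule": int(fields[0]) if fields[0] else None,
        "tracker": fields[3],
        "iface": fields[4],
        "reason": fields[5],
        "action": fields[6],
        "direction": fields[7],
        "ipver": fields[8],
        "src": None,
        "dst": None,
    }
    # Source/destination sit at different offsets for the two address families.
    if fields[8] == "4" and len(fields) >= 20:
        entry["src"], entry["dst"] = fields[18], fields[19]
    elif fields[8] == "6" and len(fields) >= 17:
        entry["src"], entry["dst"] = fields[15], fields[16]
    return entry


def classify(entry):
    """Label an entry by whether its rule number refers to a configured rule."""
    if entry["rule"] == NO_RULE_ID:
        return "no-matching-rule"  # pf's all-ones sentinel
    if entry["rule"] == 0:
        return "rule-zero"         # no rule number recorded
    return "configured-rule"


def triage(log_text):
    """Count entries per class and tally (interface, ip version, destination) for sentinel drops."""
    counts = Counter()
    sentinel_hits = defaultdict(int)
    for line in log_text.splitlines():
        entry = parse_filterlog(line)
        if entry is None:
            continue
        label = classify(entry)
        counts[label] += 1
        if label != "configured-rule":
            sentinel_hits[(entry["iface"], entry["ipver"], entry["dst"])] += 1
    return counts, dict(sentinel_hits)


if __name__ == "__main__":
    counts, hits = triage(SAMPLE_LOG)
    print("entries by class:", dict(counts))
    for (iface, ipver, dst), n in sorted(hits.items()):
        print(f"  {iface:8} IPv{ipver} -> {dst:<12} {n} drop(s) without a configured rule")
    print("0xFFFFFFFF as signed int32:", as_signed32(NO_RULE_ID))
```

Run against a real export of the filter log (e.g. the output of `clog /var/log/filter.log`, passed in as `log_text`), the per-destination tally makes it quick to see whether the sentinel entries cluster on a handful of link-local multicast targets such as ff02::16, which is the usual signature of harmless background traffic rather than a rule that is missing from the ruleset.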
              Uglybrian

                I have also run across the same rule ID / tracker value showing up periodically. Currently using 25.11 with KEA.
                In case it matters to anyone, the rule will show up when I enable Nexus.

                2026-01-09_07-00firelogs.png

                It also showed up on my port3_wifi segment.

                firewallicmp.png

                I have an ICMP allow subnet to any.

                After some investigation, I found that if I changed the allow ICMP source from subnets to any, the rule
                ID @4292967295 stopped logging.

                My last IPv6 rule on the WIFI segment was an allow all subnet to any.

                I'm guessing there was something related between these two rules that was triggering it.
                I'm still reading up on it, slowly.

                  SteveITS Rebel Alliance @Uglybrian

                  @Uglybrian ff02::16 is multicast.

                  FWIW we always disable logging for the default block rules, unless diagnosing something. There's a lot less noise, and disk writes.

                  Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                  When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
                  Upvote 👍 helpful posts!

                  Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.