Netgate Discussion Forum

    Packets get silently dropped when two states are created

      Klinger

      Hello folks,

      Last week I stumbled across a weird issue. After an outage I noticed that all firewall rules work except for traffic using a specific firewall rule. The traffic got matched and a state was created; however, the reply was not forwarded to the corresponding client. The reply reached the WAN interface but wasn't forwarded or blocked by default drop.
      I also noticed that there was another rule for this traffic in Floating on the WAN interface allowing the traffic in outbound direction. This rule was applied as well and another state was created when the traffic exits the WAN interface. By disabling the outbound rule, the reply was forwarded correctly.

      Has anyone seen this or have any explanation? I conclude that those two states caused this behavior. For now I deactivated the floating rules.

      The next thing is, I often see packets getting blocked in outbound direction on WAN, which is why I added additional outbound rules. The traffic is allowed inbound on the originating interface. Any idea why that might be? The rules which are affected by this typically have the any TCP flag option set.

      Kind regards
