Rule skipping?
-
I am sure I am missing something, but my small brain here cannot figure it out...
Recently I added a "default block" rule (with logging enabled) to the bottom of my IoT net rules, and I am getting logged notices of blocked traffic that I think should have been allowed by the rules above the "default block" rule. The two hosts have aliases, and the IPs correspond to the aliases shown. Also, the port in question, 443, is specified in the "allowed egress ports" alias, and the host-specific rule allows "any" port (asterisk), so it seems to me there are two rules that allow the traffic before it reaches the default block rule... I can't figure out why this is happening.
EDIT -- forgot to say I am running the CE version.
-
@njaimo That's probably out-of-state traffic being blocked. For example, TCP:RA is an acknowledgment (ACK or A) of a connection reset (R) message, so the connection has already been torn down by pfSense when that returning ACK hits the firewall, and it is blocked because it does not match an existing state. These are harmless.
Are you seeing any problems with your applications?
-
@KOM Many thanks for the reply! Good to know...
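Added example (not part of the thread above, and not pfSense project code): a small Python triage script that applies KOM's reasoning to pfSense filter log lines. It splits the CSV payload after `filterlog:` using the documented pfSense filterlog field order for IPv4/TCP (assumed here; check against your own log if your version differs) and sorts each logged block by TCP flags. A blocked packet with SYN set and ACK clear is a genuine new connection attempt that really did fall through to the default block rule, so the rule order deserves a look. A blocked packet without SYN (RA, A, FA, PA) belongs to a connection pf no longer has a state for, which is exactly the harmless straggler described above, even when the destination port is in the "allowed egress ports" alias. The log lines, addresses and the allowed-port set are constructed for the example.

```python
import re
from collections import Counter

# Match the CSV payload that follows the syslog prefix "filterlog:" or "filterlog[pid]:".
FILTERLOG_RE = re.compile(r"filterlog(?:\[\d+\])?:\s*(.*)$")

# Constructed sample lines in pfSense filterlog layout (addresses are RFC 5737 test ranges).
# Rule 5 is the logging "default block"; rule 12 is a host-specific pass rule.
LOG_LINES = [
    # Reset/ACK straggler on 443 after pfSense already dropped the state: harmless.
    "Mar  3 10:15:01 pfSense filterlog[12345]: 5,,,1000000103,igb1.20,match,block,in,4,0x0,,64,0,0,DF,6,tcp,40,192.168.20.50,198.51.100.20,51234,443,0,RA,1234567890,0,0,,",
    # Bare ACK on 443 with no matching state: also harmless.
    "Mar  3 10:15:02 pfSense filterlog[12345]: 5,,,1000000103,igb1.20,match,block,in,4,0x0,,64,0,0,DF,6,tcp,40,192.168.20.50,198.51.100.20,51234,443,0,A,1234567891,2222,501,,",
    # A real SYN to telnet that no pass rule matched: this block is doing its job.
    "Mar  3 10:15:03 pfSense filterlog[12345]: 5,,,1000000103,igb1.20,match,block,in,4,0x0,,64,40012,0,DF,6,tcp,60,192.168.20.77,203.0.113.9,40001,23,0,S,99887766,0,65535,,mss;sackOK;TS;nop;wscale",
    # NetBIOS broadcast, UDP: no TCP flags to reason about.
    "Mar  3 10:15:04 pfSense filterlog[12345]: 5,,,1000000103,igb1.20,match,block,in,4,0x0,,64,0,0,none,17,udp,60,192.168.20.50,192.168.20.255,137,137,40",
    # The SYN that opened the 443 session was passed by rule 12, as expected.
    "Mar  3 10:15:05 pfSense filterlog[12345]: 12,,,1000000110,igb1.20,match,pass,in,4,0x0,,64,1,0,DF,6,tcp,60,192.168.20.50,198.51.100.20,51240,443,0,S,1,0,65535,,mss",
]


def parse_filterlog(line):
    """Return the fields we need from one filterlog line, or None if it is not IPv4.

    Field positions follow the pfSense filterlog format (assumed): 9 common header
    fields, then 11 IPv4 fields (src at 18, dst at 19), then protocol-specific
    fields; for TCP the flags sit at index 23.
    """
    m = FILTERLOG_RE.search(line)
    if not m:
        return None
    f = m.group(1).split(",")
    if len(f) < 20 or f[8] != "4":
        return None
    entry = {
        "rule": f[0], "tracker": f[3], "iface": f[4], "action": f[6],
        "dir": f[7], "proto": f[16], "src": f[18], "dst": f[19],
        "sport": None, "dport": None, "tcp_flags": None,
    }
    if entry["proto"] == "tcp" and len(f) >= 24:
        entry["sport"] = int(f[20])
        entry["dport"] = int(f[21])
        entry["tcp_flags"] = f[23]
    return entry


def classify(entry):
    """Label a parsed entry by what the block actually means."""
    if entry is None or entry["action"] != "block":
        return "not-a-block"
    flags = entry["tcp_flags"]
    if flags is None:
        return "non-tcp"
    # SYN without ACK: a brand-new connection attempt reached the block rule.
    if "S" in flags and "A" not in flags:
        return "new-connection-blocked"
    # Anything else (RA, A, FA, PA, SA) is mid- or post-connection traffic that
    # pf has no state for: expired/torn-down states, not rule skipping.
    return "out-of-state"


def summarize(lines):
    """Count block categories across a set of log lines."""
    return Counter(classify(parse_filterlog(line)) for line in lines)


def suspicious_blocks(lines, allowed_ports):
    """Return new-connection blocks to ports you believe a pass rule covers.

    These are the only entries that indicate a rule-ordering problem; out-of-state
    hits on allowed ports are expected noise.
    """
    hits = []
    for line in lines:
        e = parse_filterlog(line)
        if classify(e) == "new-connection-blocked" and e["dport"] in allowed_ports:
            hits.append((e["src"], e["dst"], e["dport"], e["tcp_flags"], e["rule"]))
    return hits


if __name__ == "__main__":
    print(summarize(LOG_LINES))
    print("needs rule review:", suspicious_blocks(LOG_LINES, {80, 443}))
```

With the constructed lines, the two 443 blocks are classified as out-of-state and `suspicious_blocks` with an allowed set of {80, 443} returns nothing, which is the thread's conclusion: the entries are leftovers of closed sessions, not rules being skipped. Only the SYN to port 23 counts as a real block, and it would show up as suspicious only if 23 were in your allowed alias. If you want fewer of these log entries, the usual pfSense approach is to leave the default block rule unlogged for the noise it generates, or to log only SYN-carrying blocks, rather than to reorder rules that are already matching.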