Firewall rule not matching
-
Hi.
I have some trouble with two simple firewall rules that don't match at all.
I enabled two pass firewall rules as follows:
Proto Source Port Destination Port
- LAN net * 192.168.10.21 *
- LAN net * 192.168.10.23 *
These rules are at the top of the firewall rules list, on the LAN interface.
The problem is that some traffic is still blocked:
May 24 11:52:46 LAN 192.168.46.187:1294 192.168.10.23:4248 TCP:P
May 24 11:52:44 LAN 192.168.46.187:1294 192.168.10.23:4248 TCP:P
May 24 11:52:43 LAN 192.168.46.187:1294 192.168.10.23:4248 TCP:P
May 24 11:52:42 LAN 192.168.46.187:1294 192.168.10.23:4248 TCP:P
May 24 11:52:41 LAN 192.168.46.187:1294 192.168.10.23:4248 TCP:P
May 24 11:52:41 LAN 192.168.46.187:1294 192.168.10.23:4248 TCP:P
May 24 11:52:04 LAN 192.168.46.187:1260 192.168.10.21:1518 TCP:R
May 24 11:52:04 LAN 192.168.46.187:1256 192.168.10.23:8200 TCP:R
May 24 11:52:02 LAN 192.168.46.187:1256 192.168.10.23:8200 TCP:P
May 24 11:51:54 LAN 192.168.46.187:1256 192.168.10.23:8200 TCP:P
If I click on the red X button, the message informs me that the rule which triggered this action is: "@136 block drop in log quick all label "Default deny rule""
I cannot understand why this happens, as the two rules I set up should match.
Could you help me please?
Thank you very much!
-
Those packets are "return traffic" - it isn't matching the rule because it isn't making a new connection. It's part of an existing connection.
You either have asymmetric routing, causing pfSense to only see half the conversation (and not the start of it), or that is traffic that comes through after a connection's state has been dropped.
If that network is reachable via a router on your LAN net, go under System > Advanced and check the box to bypass firewall rules for traffic on the same interface.
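To make the answer concrete, here is an added example (not from the thread or from pfSense itself) that replays log lines in the format shown above through a minimal stateful filter. It assumes "LAN net" is 192.168.46.0/24 and, like pfSense's default TCP handling, lets a pass rule create a state only for a packet carrying just the SYN flag; a PSH or RST packet with no existing state falls through to the default deny, which is exactly what the original log shows.

```python
import ipaddress
import re

LAN_NET = ipaddress.ip_network("192.168.46.0/24")   # assumed value for "LAN net"
PASS_DESTS = {"192.168.10.21", "192.168.10.23"}      # the two pass rules from the post
DEFAULT_DENY = '@136 block drop in log quick all label "Default deny rule"'

# Constructed sample in the thread's log layout; the letter after "TCP:" is the
# flag set on the packet (S = SYN, P = PSH, R = RST).
SAMPLE_LOG = """\
May 24 11:51:50 LAN 192.168.46.187:1300 192.168.10.21:445 TCP:S
May 24 11:51:51 LAN 192.168.46.187:1300 192.168.10.21:445 TCP:P
May 24 11:51:54 LAN 192.168.46.187:1256 192.168.10.23:8200 TCP:P
May 24 11:52:04 LAN 192.168.46.187:1260 192.168.10.21:1518 TCP:R
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<iface>\S+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) TCP:(?P<flags>\w+)$"
)


def filter_log(text):
    """Replay log lines through a stateful filter.

    Returns one (verdict, reason) tuple per parsed line. A pass rule is only
    consulted for a bare SYN; everything else must match an existing state.
    """
    states = set()          # 5-tuples (minus proto) that already have a state
    results = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue        # skip lines that are not firewall-log entries
        key = (m["src"], m["sport"], m["dst"], m["dport"])
        if key in states:
            results.append(("pass", "existing state"))
        elif (m["flags"] == "S"
              and ipaddress.ip_address(m["src"]) in LAN_NET
              and m["dst"] in PASS_DESTS):
            states.add(key)  # the SYN is what the LAN pass rule actually matches
            results.append(("pass", "new state via LAN pass rule"))
        else:
            # mid-stream packet with no state: the pass rule never sees it
            results.append(("block", DEFAULT_DENY))
    return results


if __name__ == "__main__":
    for verdict, reason in filter_log(SAMPLE_LOG):
        print(verdict, reason)
```

The first two lines pass because the SYN created a state; the two mid-stream packets without one are blocked by the default deny rule, which is why changing the pass rules does not help until the asymmetric routing or dropped state is fixed.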