Firewall all kinds of weird and spontaneous blocks on LAN

Mr. Jingles · Jan 15, 2014, 3:44 PM

Rule for VLAN40 is doing its thing on VLAN50 (?)

![003 - Rule for VLAN40 works on VLAN50.jpg](/public/imported_attachments/1/003 - Rule for VLAN40 works on VLAN50.jpg)
![003 - Rule for VLAN40 works on VLAN50.jpg_thumb](/public/imported_attachments/1/003 - Rule for VLAN40 works on VLAN50.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 3:47 PM

Attached also the firewall rules for that VLAN50; I don't see any 'VLAN40' in here, so no clue why the previous weird picture.

![003 - Rule for VLAN40 works on VLAN50 -2.jpg](/public/imported_attachments/1/003 - Rule for VLAN40 works on VLAN50 -2.jpg)
![003 - Rule for VLAN40 works on VLAN50 -2.jpg_thumb](/public/imported_attachments/1/003 - Rule for VLAN40 works on VLAN50 -2.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 3:49 PM

WAN2 (cable) blocked a private IP, but the destination is weird?

![005 - Bootpc on cable WAN.jpg](/public/imported_attachments/1/005 - Bootpc on cable WAN.jpg)
![005 - Bootpc on cable WAN.jpg_thumb](/public/imported_attachments/1/005 - Bootpc on cable WAN.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 3:49 PM

Bootpc is bogon?

![004 - Bootpc is bogon.jpg](/public/imported_attachments/1/004 - Bootpc is bogon.jpg)
![004 - Bootpc is bogon.jpg_thumb](/public/imported_attachments/1/004 - Bootpc is bogon.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 3:50 PM

NTP goes DNS.

![006 - NTP goes DNS.jpg](/public/imported_attachments/1/006 - NTP goes DNS.jpg)
![006 - NTP goes DNS.jpg_thumb](/public/imported_attachments/1/006 - NTP goes DNS.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 3:51 PM

And the VLAN40 rules for the previous picture.

![008 - VLAN40.jpg](/public/imported_attachments/1/008 - VLAN40.jpg)
![008 - VLAN40.jpg_thumb](/public/imported_attachments/1/008 - VLAN40.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 3:51 PM

Interfaces/WAN (VDSL).

![009 - Interfaces_WAN.jpg](/public/imported_attachments/1/009 - Interfaces_WAN.jpg)
![009 - Interfaces_WAN.jpg_thumb](/public/imported_attachments/1/009 - Interfaces_WAN.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 3:52 PM

Interfaces/WAN2 (cable)

![010 - Interfaces_WAN2.jpg](/public/imported_attachments/1/010 - Interfaces_WAN2.jpg)
![010 - Interfaces_WAN2.jpg_thumb](/public/imported_attachments/1/010 - Interfaces_WAN2.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 3:52 PM

Interfaces/LAN.

![011 - Intefaces - LAN.jpg](/public/imported_attachments/1/011 - Intefaces - LAN.jpg)
![011 - Intefaces - LAN.jpg_thumb](/public/imported_attachments/1/011 - Intefaces - LAN.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 3:52 PM

Interfaces/VLAN40.

![012 - Intefaces - VLAN40.jpg](/public/imported_attachments/1/012 - Intefaces - VLAN40.jpg)
![012 - Intefaces - VLAN40.jpg_thumb](/public/imported_attachments/1/012 - Intefaces - VLAN40.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 3:53 PM

Advanced/networking.

![013 - Advanced - Networking.jpg](/public/imported_attachments/1/013 - Advanced - Networking.jpg)
![013 - Advanced - Networking.jpg_thumb](/public/imported_attachments/1/013 - Advanced - Networking.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 3:53 PM

System log settings.

![014 - SystemLog - Settings.jpg](/public/imported_attachments/1/014 - SystemLog - Settings.jpg)
![014 - SystemLog - Settings.jpg_thumb](/public/imported_attachments/1/014 - SystemLog - Settings.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 3:59 PM

And, finally, the LAN rules in two parts (note the number of 'easy rules passed from firewall log view'. And even then they still aren't working, as the log is still flooded with IPv6 as shown in the first picture):

![007 - LAN-rules1.jpg](/public/imported_attachments/1/007 - LAN-rules1.jpg)
![007 - LAN-rules1.jpg_thumb](/public/imported_attachments/1/007 - LAN-rules1.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 3:56 PM

LAN rules part 2:

![007 - LAN-rules2.jpg](/public/imported_attachments/1/007 - LAN-rules2.jpg)
![007 - LAN-rules2.jpg_thumb](/public/imported_attachments/1/007 - LAN-rules2.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 3:57 PM

And finally, the multicast-alias in the LAN rules:

![015 - multicast alias.jpg](/public/imported_attachments/1/015 - multicast alias.jpg)
![015 - multicast alias.jpg_thumb](/public/imported_attachments/1/015 - multicast alias.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 4:15 PM

So I will be feeling hugely indebted to everybody who can help me solve this, that goes without saying :P

(because it is driving me crazy, this flooding of logs which I am trying to fight with the firewall rules every day :-[).

Thank you in advance very much (really :-*),

Bye ;D

Mr. Jingles · Jan 15, 2014, 4:14 PM

EDIT: I forgot one screenshot from the general system log. Errors 'finding Ipv6 gateway' (?) on both WAN and WAN2 (=opt4).

I should also add that I added this WAN2 a couple of days ago (I don't know exactly when anymore), and I also don't know if that is when the IPv6-flooding in the logs and the error in the attached picture began :-\

![016 - system log error.jpg](/public/imported_attachments/1/016 - system log error.jpg)
![016 - system log error.jpg_thumb](/public/imported_attachments/1/016 - system log error.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 4:34 PM

Cry. WIFE is angry with me now :-[

This is happening as I was busy with my failover WAN:

![017 - WIFE complains.jpg](/public/imported_attachments/1/017 - WIFE complains.jpg)
![017 - WIFE complains.jpg_thumb](/public/imported_attachments/1/017 - WIFE complains.jpg_thumb)

Mr. Jingles · Jan 15, 2014, 4:34 PM

And this, floods of it:

![018 - WIFE2.jpg](/public/imported_attachments/1/018 - WIFE2.jpg)
![018 - WIFE2.jpg_thumb](/public/imported_attachments/1/018 - WIFE2.jpg_thumb)

johnpoz · Jan 15, 2014, 5:23 PM

Everyone of those seems to me blocked because of states out of sync you notice the tcp flags on the proto

TCP Flags: F - FIN, S - SYN, A or . - ACK, R - RST, P - PSH, U - URG, E - ECE, W - CWR

https://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F

This is going to happen when you have something get out of wack where pfsense states do not list these connections and then sees traffic. Can happen when you clear states or reboot pfsense. Can happen if you have devices that are in and out of the network, say wireless devices for example. I mostly see these in my logs from my sons phone. This sort of thing is common and will happen with any stateful firewall.