LAN allowed packets blocked when should be passed

jpforte

I have an SG-1000 that is new to me. There is something odd.

In the firewall logs it shows LAN packets being blocked by the default deny rule.

https://www.dropbox.com/s/5to1z2wv8m7o3rq/Screenshot%202017-10-23%2017.43.25.png?dl=0

However is rules for the LAN I have all LAN traffic to all destinations allowed.

https://www.dropbox.com/s/tfaerrkkjhq9jty/Screenshot%202017-10-23%2017.42.50.png?dl=0

How is this happening?

![Screenshot 2017-10-23 17.43.25.png](/public/imported_attachments/1/Screenshot 2017-10-23 17.43.25.png)
![Screenshot 2017-10-23 17.43.25.png_thumb](/public/imported_attachments/1/Screenshot 2017-10-23 17.43.25.png_thumb)
![Screenshot 2017-10-23 17.42.50.png](/public/imported_attachments/1/Screenshot 2017-10-23 17.42.50.png)
![Screenshot 2017-10-23 17.42.50.png_thumb](/public/imported_attachments/1/Screenshot 2017-10-23 17.42.50.png_thumb)

johnpoz

Those look to be all out of state packets… Notice the flags FA, PA..

https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection

nleaudio

I've got a PF Sense install that is generating TONS of blocked packets in the logs - like 20-30 per second. A lot of DNS lookups, and other legit traffic. I read the doc.pfsense.org link, but this just seems very strange to me that so much is being logged as blocked by the default rule. I've been having some DNS lookup issues, and now that I see a lot of this traffic being blocked to the ISP dns server, it makes me wonder if this isn't the issue. In the firewall rules, I am allowing everything out for all protocols, even from any source. Normal browser operation seems to be ok. Should I just disregard all these tons of logged events?

Bob

Derelict

Impossible to say without seeing what is actually being logged.

KOM

Start a new thread instead of piggybacking off this one and post your firewall rules.