Firewall states traffic
-
Hi all,
Sorry if this has been asked before - I have searched through Google, the online documentation and the forums for an answer to no avail.
I have a question regarding firewall states. I note that under Firewall > Rules > WAN, it has a list of the firewall rules associated with the ports I have forwarded on the Firewall > NAT > Port Forward page. To the left of each rule, it lists the number of active states, as well as some measure of traffic for the states which match each rule.
What exactly is this value a measure of? I had presumed that this was a total measure of the data, which matches this rule, that has passed through the router since boot. However, I have noticed that sometimes this is not the case.
Shown below is an example of some active firewall states associated with a rule which allows inbound connections to a TeamSpeak server running on port 9987. It shows 0 active states and 0 B of traffic, yet if I click the link which takes me to the states page, it shows multiple active connections (one for each currently connected user) with non-zero traffic associated with each state.
I note however that for some of the other firewall rules, the amount of traffic and active states appears to be consistent with my manual testing. I also note that, for whatever reason, the traffic value for some of these rules resets to 0 B without rebooting the router.
So I have a few questions:
- What exactly does the traffic value on the Firewall > Rules > * pages correspond to? How is it measured?
- Under what circumstances might it reset back to 0 B?
Thanks in advance for your time!
-
I have done some testing since my original post, and have managed to reproduce the aforementioned behaviour.
When I enable an unrelated firewall rule - one which was temporarily switched off in order to close unused ports - the metered traffic for the firewall rule on port 9987 is, for whatever reason, reset. Any states which were active upon resetting no longer contribute to the traffic total for that firewall rule.
Strangely enough, this only appears to affect a couple of the many firewall rules I have in place - i.e. only a couple of them have their cumulative traffic reset. This leads me to think that this behaviour is unintended.
Is anybody able to shed some light on this?