CloudFlare SYN & Default Drop
Kind of going cross-eyed on this, hoping someone can point out the obvious here. I run pfSense 2.3.2 and the HAProxy 1.6.6 package.
When I enable CloudFlare on my site, I can see traffic coming from the CloudFlare IP ranges, but it is dropped by the default WAN rule in the state TCP:S.
Looking at the behaviour I can see the three SYNs come in from CF described here: https://support.cloudflare.com/hc/en-us/articles/200171906-Error-522-Connection-timed-out
What do I need to tune to permit CF to reach my server?
A simple pass rule on the WAN to allow traffic to the wan-ip:80 or :443 destination should work to let the traffic reach the HAProxy socket.
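An added example, not written by either poster: one way to confirm from the firewall log that the dropped SYNs really are Cloudflare connections to ports 80/443, which is the traffic the pass rule has to cover. The log lines are constructed in pfSense's raw filterlog CSV layout; `em0` as the WAN interface and the partial Cloudflare range list are assumptions.

```python
import ipaddress
from collections import Counter

# Partial list of Cloudflare's published IPv4 ranges (assumption: refresh it
# from https://www.cloudflare.com/ips-v4 before relying on the result).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18",
    "108.162.192.0/18", "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13",
)]

# Constructed sample entries (IPv4/TCP); addresses and ids are made up.
SAMPLE_LOG = """\
5,16777216,,1000000103,em0,match,block,in,4,0x0,,52,4242,0,DF,6,tcp,60,173.245.48.10,203.0.113.5,40112,443,0,S,111,,29200,,mss
5,16777216,,1000000103,em0,match,block,in,4,0x0,,52,4243,0,DF,6,tcp,60,162.158.90.7,203.0.113.5,51820,80,0,S,222,,29200,,mss
5,16777216,,1000000103,em0,match,block,in,4,0x0,,49,4244,0,DF,6,tcp,60,198.51.100.23,203.0.113.5,33000,23,0,S,333,,1024,,mss
9,16777216,,1470000001,em0,match,pass,in,4,0x0,,52,4245,0,DF,6,tcp,60,104.16.1.1,203.0.113.5,40200,443,0,S,444,,29200,,mss
"""

def is_cloudflare(ip):
    """True if ip falls inside one of the listed Cloudflare ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_NETS)

def blocked_syns(log_text, wan_if="em0"):
    """Yield (src_ip, dst_port) for inbound TCP SYNs blocked on the WAN."""
    for line in log_text.splitlines():
        f = line.split(",")
        # IP version is field 8, protocol name field 16; skip anything else.
        if len(f) < 24 or f[8] != "4" or f[16] != "tcp":
            continue
        iface, action, direction = f[4], f[6], f[7]
        src, dst_port, tcp_flags = f[18], int(f[21]), f[23]
        if (iface, action, direction, tcp_flags) == (wan_if, "block", "in", "S"):
            yield src, dst_port

def summarize(log_text, web_ports=(80, 443)):
    """Count blocked SYNs keyed by (origin, destined_for_web_port)."""
    counts = Counter()
    for src, port in blocked_syns(log_text):
        origin = "cloudflare" if is_cloudflare(src) else "other"
        counts[(origin, port in web_ports)] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(key, n)
```

A non-zero count for `("cloudflare", True)` means Cloudflare's connections to the web ports are hitting the default block, so the WAN pass rule is what is missing.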