Default deny rule IPv4



  • Hello everyone, I have a pfSense Community Edition 2.4.2-RELEASE-p1 firewall.
    Today, suddenly, the firewall began to block traffic to one of our webservers.
    On pfSense I installed a reverse proxy to manage the addressing to different webservers.
    In the firewall logs I find this line: `Default deny rule IPv4 (1000000103)` or `Default deny rule IPv4 (1000000104)` for the `TCP:R` protocol.
    I cannot understand why this happened suddenly; until this morning everything worked, and it's been months that everything has worked perfectly.
    Has anyone encountered this problem and can help me solve it?
    Thank you and good job to everybody.
    Luke



  • https://forum.pfsense.org/index.php?topic=17029.msg88467#msg88467

    Just out of curiosity, have you tried rebooting everything?



  • Hi, I have already read this post, but my problem persists.
    I have already restarted everything, but nothing changes: the firewall continues to block the `TCP:R` without any reason and prevents the resource from working.
    Thanks.



  • “TCP: R”

    So a RST (reset)…  Yeah, that is going to be blocked if there is no state… And if there was a state, that normally tears it down the FAST way… Normally TCP sessions are ended all nice and proper with a FIN, FIN/ACK, and everyone is done talking and the firewall sees this and removes the state…  Do you understand what a state is and how a TCP session is created and torn down?

    A RST, in a nutshell, is TCP's "shut the F up" sort of way of tearing down the session.

    What exactly is not working?  Then we can move forward in fixing your problem…  But your default rule blocking out-of-state traffic is normal…
    https://doc.pfsense.org/index.php/Why_do_my_logs_show_"blocked"_for_traffic_from_a_legitimate_connection
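    To make the distinction in this answer concrete, here is an added example (my own code, not from the thread or from pfSense) that triages default-deny entries by TCP flags: bare SYNs are connections the policy actually refused, while RSTs with no state are the expected noise the doc page above describes. It assumes the pfSense 2.4 filterlog CSV field order given in the comment; the log lines are constructed, not captured.

```python
from collections import Counter

# Constructed sample entries (not a real capture) in the assumed pfSense 2.4 filterlog layout:
# rule-nr, sub-rule, anchor, tracker-id, interface, reason, action, direction, ip-version,
# tos, ecn, ttl, id, offset, ip-flags, proto-id, proto-name, length, src, dst,
# then for TCP: src-port, dst-port, data-len, tcp-flags, seq, ack, window, urg, options.
SAMPLE_LOG = """\
5,,,1000000103,em0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,40,203.0.113.7,198.51.100.2,443,51532,0,R,10,0,0,,
5,,,1000000103,em0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,40,203.0.113.7,198.51.100.2,443,51532,0,RA,10,11,0,,
5,,,1000000103,em0,match,block,in,4,0x0,,52,0,0,DF,6,tcp,60,192.0.2.55,198.51.100.2,40110,443,0,S,1,0,64240,,mss
5,,,1000000103,em0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,40,203.0.113.9,198.51.100.2,80,51600,0,FA,20,21,0,,
12,,,1000000104,em0,match,block,out,4,0x0,,128,0,0,none,17,udp,78,198.51.100.2,192.0.2.8,5353,5353,58
"""

# Tracker ids the thread shows for "Default deny rule IPv4" (inbound and outbound).
DEFAULT_DENY_TRACKERS = {"1000000103", "1000000104"}

def parse_ipv4_entry(line):
    """Return the fields needed for triage from one IPv4 filterlog line, else None."""
    f = line.split(",")
    if len(f) < 20 or f[8] != "4":
        return None
    entry = {"tracker": f[3], "action": f[6], "dir": f[7], "proto": f[16],
             "src": f[18], "dst": f[19], "tcp_flags": ""}
    if f[16] == "tcp" and len(f) >= 24:
        entry.update(sport=f[20], dport=f[21], tcp_flags=f[23])
    return entry

def classify(entry):
    """Map a default-deny entry to a category based on what the TCP flags imply about state."""
    if entry["tracker"] not in DEFAULT_DENY_TRACKERS or entry["action"] != "block":
        return "other-rule"          # not the default deny rule at all
    if entry["proto"] != "tcp":
        return "non-tcp"             # stateless policy block, unrelated to TCP state
    flags = set(entry["tcp_flags"])
    if "S" in flags and "A" not in flags:
        return "syn-denied"          # bare SYN: a real connection attempt was refused
    if "R" in flags:
        return "rst-out-of-state"    # RST (or RST/ACK) after the state is gone: expected
    return "other-out-of-state"      # mid-session packet with no state (expired, asymmetric)

def triage(log_text):
    """Count entries per category so SYN denials stand out from harmless RST noise."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse_ipv4_entry(line)
        if entry:
            counts[classify(entry)] += 1
    return counts

if __name__ == "__main__":
    for category, n in triage(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {category}")
```

    On the sample data the two RST entries are the kind of "TCP:R" blocks this thread is about; only the `syn-denied` line would point at a rule or NAT problem worth chasing.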



  • Hello,
    I thank you for the answer and I attach 3 pages with screenshots and my comments to better explain the configuration of pfsense and the problem.

    ![SCREENSHOT AND COMMENT-page-001.jpg](/public/imported_attachments/1/SCREENSHOT AND COMMENT-page-001.jpg)
    ![SCREENSHOT AND COMMENT-page-002.jpg](/public/imported_attachments/1/SCREENSHOT AND COMMENT-page-002.jpg)
    ![SCREENSHOT AND COMMENT-page-003.jpg](/public/imported_attachments/1/SCREENSHOT AND COMMENT-page-003.jpg)



  • And sorry, but an R sent to your WAN IP, yes, would be blocked… Only a SYN would be allowed and open a state…

    Vs. looking at what is just in your firewall rules, why don't you do a packet capture and watch the traffic…  Be more than happy to send traffic to your domain/IP so you can sniff and see what happens, etc.



  • I solved the problem, I reinstalled pfsense, then I restored the backup and everything works perfectly.
    Thanks anyway for your help.



  • I am glad you're not seeing the issue you were having… But such a solution is not really a solution…. Since you have no idea what the root was… Blocking RST to the WAN is what should happen… if there was no state, or it was after a state was closed…

    A sniff would have been very, very informative as to what the problem actually was.

