Blocked traffic that sometimes gets allowed?



  • There's something in my rules that's wrong, but I can't figure out what exactly. Maybe someone can help me out, I'd greatly appreciate it!

    Here's what I see in my logs:

    May 26 09:40:31 	► WAN 	let out anything IPv4 from firewall host itself (1000008963) 	192.168.1.106:55615		52.26.206.149:443		TCP:S
    May 26 09:40:31 	LAN 	Default block LAN net (all allows above this one!) (1527184618) 	192.168.1.106:55614		52.26.206.149:443		TCP:PA
    May 26 09:39:59 	► WAN 	let out anything IPv4 from firewall host itself (1000008963) 	192.168.1.106:55614		52.26.206.149:443		TCP:S
    May 26 09:39:59 	LAN 	Default block LAN net (all allows above this one!) (1527184618) 	192.168.1.106:55613		52.26.206.149:443		TCP:PA
    May 26 09:39:29 	► WAN 	let out anything IPv4 from firewall host itself (1000008963) 	192.168.1.106:55613		52.26.206.149:443		TCP:S
    

    Several things I don't understand here:
    52.26.206.149 is an AWS IP that I have allowed (and verified it's on the list). The allow rule is not called 'let out anything IPv4 from firewall host itself (1000008963)', I don't actually see that rule so I think it's a hidden pfSense default rule?
    The allow rule allows 443 TCP/UDP, any type, to go out. So why is one packet getting blocked and another getting allowed?

    Not sure what is the best way to share rulesets, but here are 2 screenshots. Under floating there is one rule to reject all IPv6 traffic. No other rules under other interfaces except the default bogon/private under WAN.

    Thanks in advance!

    0_1527322699418_pfsense-ruleset-LAN.JPG
    0_1527322707579_pfsense-aliases.JPG
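
An added example, not part of the original post: one way to line up the log entries above by connection (source IP:port to destination IP:port) and measure how long after each logged TCP:S entry a later entry for the same connection appears. The function names `parse`, `by_flow` and `gap_after_syn` are hypothetical, and the tab-separated layout is assumed from the lines as pasted.

```python
from collections import defaultdict
from datetime import datetime

# The five log lines from the post, tab-separated as pasted.
LOG = [
    "May 26 09:40:31 \t► WAN \tlet out anything IPv4 from firewall host itself (1000008963) \t192.168.1.106:55615\t\t52.26.206.149:443\t\tTCP:S",
    "May 26 09:40:31 \tLAN \tDefault block LAN net (all allows above this one!) (1527184618) \t192.168.1.106:55614\t\t52.26.206.149:443\t\tTCP:PA",
    "May 26 09:39:59 \t► WAN \tlet out anything IPv4 from firewall host itself (1000008963) \t192.168.1.106:55614\t\t52.26.206.149:443\t\tTCP:S",
    "May 26 09:39:59 \tLAN \tDefault block LAN net (all allows above this one!) (1527184618) \t192.168.1.106:55613\t\t52.26.206.149:443\t\tTCP:PA",
    "May 26 09:39:29 \t► WAN \tlet out anything IPv4 from firewall host itself (1000008963) \t192.168.1.106:55613\t\t52.26.206.149:443\t\tTCP:S",
]

def parse(line):
    """Turn one pasted log line into a dict; empty tab columns are dropped."""
    when, iface, rule, src, dst, proto = [f.strip() for f in line.split("\t") if f.strip()]
    return {
        "time": datetime.strptime(when, "%b %d %H:%M:%S"),  # the log carries no year
        "iface": iface.lstrip("► "),        # drop the icon that precedes the interface
        "rule": rule,
        "flow": (src, dst),                 # source port distinguishes connections
        "flags": proto.split(":")[1],       # "TCP:PA" -> "PA"
    }

def by_flow(lines):
    """Group entries by (src, dst), oldest first."""
    flows = defaultdict(list)
    for entry in sorted(map(parse, lines), key=lambda e: e["time"]):
        flows[entry["flow"]].append(entry)
    return flows

def gap_after_syn(lines):
    """For each flow with a logged SYN, report the last later entry for the
    same flow as (interface, flags, seconds since the SYN was logged)."""
    gaps = {}
    for flow, events in by_flow(lines).items():
        syn = next((e for e in events if e["flags"] == "S"), None)
        for e in events:
            if syn and e is not syn and e["time"] >= syn["time"]:
                delta = int((e["time"] - syn["time"]).total_seconds())
                gaps[flow] = (e["iface"], e["flags"], delta)
    return gaps

if __name__ == "__main__":
    for (src, dst), (iface, flags, secs) in gap_after_syn(LOG).items():
        print(f"{src} -> {dst}: {flags} logged on {iface} {secs}s after the SYN")
```

On these five lines, each TCP:PA entry shares its source port with the TCP:S entry logged 30 to 32 seconds earlier, not with the TCP:S entry logged in the same second.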


 
