Blocked traffic that sometimes gets allowed?
There's something in my rules that's wrong, but I can't figure out what exactly. Maybe someone can help me out, I'd greatly appreciate it!
Here's what I see in my logs:
May 26 09:40:31 ► WAN let out anything IPv4 from firewall host itself (1000008963) 192.168.1.106:55615 52.26.206.149:443 TCP:S
May 26 09:40:31 LAN Default block LAN net (all allows above this one!) (1527184618) 192.168.1.106:55614 52.26.206.149:443 TCP:PA
May 26 09:39:59 ► WAN let out anything IPv4 from firewall host itself (1000008963) 192.168.1.106:55614 52.26.206.149:443 TCP:S
May 26 09:39:59 LAN Default block LAN net (all allows above this one!) (1527184618) 192.168.1.106:55613 52.26.206.149:443 TCP:PA
May 26 09:39:29 ► WAN let out anything IPv4 from firewall host itself (1000008963) 192.168.1.106:55613 52.26.206.149:443 TCP:S
Several things I don't understand here:
52.26.206.149 is an AWS IP that I have allowed (and verified it's on the list). The allow rule is not called 'let out anything IPv4 from firewall host itself (1000008963)'; I don't actually see that rule, so I think it's a hidden pfSense default rule?
The allow rule allows 443 TCP/UDP, any type, to go out. So why is one packet getting blocked and another getting allowed?
Not sure what is the best way to share rulesets, but here are 2 screenshots. Under floating there is one rule to reject all IPv6 traffic. No other rules under other interfaces except the default bogon/private under WAN.
Thanks in advance!
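
Added example, not part of the original post: a Python script that parses the log entries quoted above and lines up each blocked packet with the latest earlier pass entry for the same source and destination. The field layout is inferred from the post, and treating the "►" marker as "passed" is an assumption; the function names are hypothetical.

```python
import re
from datetime import datetime

# Log entries copied from the post above (newest first, as posted).
LOG = """\
May 26 09:40:31 ► WAN let out anything IPv4 from firewall host itself (1000008963) 192.168.1.106:55615 52.26.206.149:443 TCP:S
May 26 09:40:31 LAN Default block LAN net (all allows above this one!) (1527184618) 192.168.1.106:55614 52.26.206.149:443 TCP:PA
May 26 09:39:59 ► WAN let out anything IPv4 from firewall host itself (1000008963) 192.168.1.106:55614 52.26.206.149:443 TCP:S
May 26 09:39:59 LAN Default block LAN net (all allows above this one!) (1527184618) 192.168.1.106:55613 52.26.206.149:443 TCP:PA
May 26 09:39:29 ► WAN let out anything IPv4 from firewall host itself (1000008963) 192.168.1.106:55613 52.26.206.149:443 TCP:S
"""

# timestamp, optional pass marker, interface, rule text, (rule id), src, dst, proto[:flags]
ENTRY = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<mark>► )?(?P<iface>\S+) "
    r"(?P<rule>.+?) \((?P<rid>\d+)\) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+:\d+) (?P<dst>\d+\.\d+\.\d+\.\d+:\d+) "
    r"(?P<proto>[A-Z]+)(?::(?P<flags>[A-Z]+))?"
)

def parse(log):
    """Return one dict per log entry found in the text."""
    entries = []
    for m in ENTRY.finditer(log):
        e = m.groupdict()
        # Assumption: the "►" marker means the packet was passed.
        e["action"] = "pass" if e.pop("mark") else "block"
        # The log has no year; 2000 is an arbitrary placeholder for date math.
        e["time"] = datetime.strptime("2000 " + e.pop("ts"), "%Y %b %d %H:%M:%S")
        entries.append(e)
    return entries

def blocked_after_pass(entries):
    """Pair each blocked packet with the latest earlier pass on the same src/dst."""
    pairs = []
    for b in (e for e in entries if e["action"] == "block"):
        earlier = [p for p in entries if p["action"] == "pass"
                   and (p["src"], p["dst"]) == (b["src"], b["dst"])
                   and p["time"] <= b["time"]]
        if earlier:
            p = max(earlier, key=lambda x: x["time"])
            gap = int((b["time"] - p["time"]).total_seconds())
            pairs.append((b["src"], b["flags"], p["flags"], gap))
    return pairs

if __name__ == "__main__":
    for src, bflags, pflags, gap in blocked_after_pass(parse(LOG)):
        print(f"{src}: TCP:{bflags} blocked {gap}s after TCP:{pflags} passed")
```

On the quoted log, each blocked TCP:PA packet uses a source port whose TCP:S was passed about 30 seconds earlier, so the pass and block entries belong to the same connections rather than to different ones.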