black arrow in the logs in interface column

  • Hi guys,
    hopefully someone can explain to me what I'm seeing in my logs. Please see the added picture for topology explanation.
    For example:
    I have a rule on every interface to allow ICMP. For easy implementation I have an allow any rule on the bottom which is logging at the moment. When I ping now from the subnet to the subnet the ping works. But it is logged by the allow any rule and a black arrow is added to the outbound interface name. The source in the logs is an IP of the and the destination an IP of the
    I found out that all packet which have this black sign are either TCP:SEC, UDP/161 and ICMP.
    I do not understand what pfsense means with TCP:SEC, and I could not find it in any documentation. UDP/161 is for SNMP which is correct because in the a SNMP server is located to monitor some IoT devices, and ICMP of course is ping.

    But what does the black arrow mean?
    Why the ping hits the allow any rule in the bottom and not the ICMP rule on the top (no floating rules, because I know floating is last match wins)
    I'm a little concerned what happens when I delete the allow any rule.

    Thanks for your help in advance.

Log in to reply