firewall block message - but connection succeeds
-
Bit of a strange issue - I get the following entry in my firewall log:
Aug 29 19:42:23 VLAN20 Default deny rule IPv4 (1000000103) 192.168.20.19:54672 192.168.50.10:8086 TCP:PA
But the connection is working.
pi@dakboard:~ $ ifconfig | grep 192 | awk '{print $2}'
addr:192.168.20.19
pi@dakboard:~ $ telnet 192.168.50.10 8086
Trying 192.168.50.10...
Connected to 192.168.50.10.
Escape character is '^]'.
Which is expected, because there are no blocks before this rule:
0 /26 KiB IPv4 TCP VLAN20 net * 192.168.50.10 8086 * none allow access to influxDB
I've just re-migrated onto a number of VLANs and I'm using the firewall log to find things still not working right, which is difficult when seemingly false positives are appearing. What's making that log entry appear? It also logs the same block message for other hosts on VLAN20 connecting to the same host/port.
-
https://docs.netgate.com/pfsense/en/latest/firewall/troubleshooting-blocked-log-entries-for-legitimate-connection-packets.html
A packet arriving after the connection's state has been removed, or, if you have other trouble, it could be asymmetric routing.
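
An added example, not part of the thread or of pfSense itself: a small triage script for log lines in the layout quoted in the question. It separates blocked bare-SYN packets (a new connection that no pass rule allowed) from blocked packets with other TCP flags such as PA, which belong to a connection whose state the firewall no longer holds. The function names and all sample lines except the first are constructed for illustration.

```python
import re
from collections import Counter

# Layout of the firewall-log line quoted in the question:
# <date> <iface> <rule description> (<rule id>) <src>:<port> <dst>:<port> TCP:<flags>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+(?P<rule>.+?)\s+"
    r"\((?P<rule_id>\d+)\)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+TCP:(?P<flags>[A-Z]+)$"
)


def classify(flags):
    """A bare SYN opens a connection; any other flag set needs an existing state."""
    return "new-connection" if flags == "S" else "out-of-state"


def triage(lines):
    """Count blocked entries per (source, destination:port, class)."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a TCP entry in the expected layout
        key = (m["src"], f'{m["dst"]}:{m["dport"]}', classify(m["flags"]))
        counts[key] += 1
    return counts


# First line is the entry from the question; the other three are constructed.
SAMPLE = [
    "Aug 29 19:42:23 VLAN20 Default deny rule IPv4 (1000000103) 192.168.20.19:54672 192.168.50.10:8086 TCP:PA",
    "Aug 29 19:42:31 VLAN20 Default deny rule IPv4 (1000000103) 192.168.20.19:54672 192.168.50.10:8086 TCP:FA",
    "Aug 29 19:43:02 VLAN20 Default deny rule IPv4 (1000000103) 192.168.20.21:40112 192.168.50.10:8086 TCP:PA",
    "Aug 29 19:44:10 VLAN20 Default deny rule IPv4 (1000000103) 192.168.20.19:51820 192.168.50.12:445 TCP:S",
]

if __name__ == "__main__":
    for (src, dst, kind), n in sorted(triage(SAMPLE).items()):
        print(f"{kind:15} {src:15} -> {dst:20} x{n}")
```

Entries reported as new-connection are the ones to chase when looking for missing pass rules after a migration; out-of-state entries point at state expiry or asymmetric routing instead.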