firewall block message - but connection succeeds

meem

bit of a strange issue- I get the following entry in my firewall log

Aug 29 19:42:23 	VLAN20 	Default deny rule IPv4 (1000000103) 	192.168.20.19:54672		192.168.50.10:8086		TCP:PA

but, the connection is working.

pi@dakboard:~ $ ifconfig | grep 192 | awk '{print $2}'
addr:192.168.20.19
pi@dakboard:~ $ telnet 192.168.50.10 8086
Trying 192.168.50.10...
Connected to 192.168.50.10.
Escape character is '^]'.

Which is expected, because there are no blocks before this rule:

 	0 /26 KiB
	IPv4 TCP 	VLAN20 net 	* 	192.168.50.10 	8086 	* 	none 	  	allow access to influxDB

I've just re-migrated onto a number of VLANs and i'm using the firewall log to find things still not working right. Which is difficult when seemingly false positives are appearing. What's making that log entry appear? It also logs the same block message for other hosts on VLAN20 connecting to the same host/port

kiokoman

https://docs.netgate.com/pfsense/en/latest/firewall/troubleshooting-blocked-log-entries-for-legitimate-connection-packets.html

packet arriving after the connection’s state has been removed or if you have other trouble could be asymmetric routing