Rules do not seem to work consistently
-
I am new at using pfSense and have found this application to be top notch. However, after performing the latest updates I see packets being blocked in the logs that should be passed by a rule. One packet will be passed by the rule (both coming from the same IP, and the destination is the same IP and port (443)):
@64 pass in log quick on fxp1 reply-to (fxp1 X.X.X.X) inet proto tcp from any to 192.168.X.X port = https flags S/SA keep state (source-track rule, max-src-states 2500, max-src-nodes 20000) label "USER_RULE: NAT WEB SSL Port to F5"
and the next blocked by the default rule:
@91 block drop in log quick all label "Default deny rule"
The filter is set to allow access to an internal HTTPS server, but some connections from the same IP are blocked and some are passed. I have had no complaints from users of the HTTPS service, but I am not sure what the log is displaying. Any help in interpreting the logs would be appreciated.
Bob C
-
It sounds like this to me:
http://doc.m0n0.ch/handbook/faq-legit-traffic-dropped.html
m0n0wall uses IPFilter, while pfSense uses PF, but the explanation reads like something that could be platform agnostic. Until users complain I think you can safely ignore it.
db
-
About the same:
http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection%2C_why%3F
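An added illustration, not code from the thread or from the pfSense project: a small Python model of pf's order of evaluation (state table first, then the ruleset) using the two rules Bob quoted. It reproduces the pattern in his log: a SYN from a client passes @64 and creates state, a packet inside that state passes without touching the rules, and a late FIN/ACK from the same client whose state has already gone matches no `flags S/SA` rule and falls through to @91. The server address, client address, timeline and the single state timeout are constructed placeholders (the thread masks the real server as 192.168.X.X).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    flags: str   # TCP flag letters, e.g. "S", "A", "FA"
    t: float     # arrival time in seconds on a constructed timeline

# Constructed placeholders for the masked 192.168.X.X server in the thread.
HTTPS_SERVER = "192.168.1.10"
HTTPS_PORT = 443

def matches_rule_64(pkt: Packet) -> bool:
    """@64 pass in quick ... from any to 192.168.X.X port = https flags S/SA keep state.
    'S/SA' means: of the SYN and ACK bits, only SYN may be set, so the rule
    matches a fresh connection attempt and nothing else."""
    return (pkt.dst == HTTPS_SERVER and pkt.dport == HTTPS_PORT
            and "S" in pkt.flags and "A" not in pkt.flags)

class PfModel:
    """Minimal stand-in for pf. Real pf keys states on both ports and uses
    per-phase TCP timeouts; a single timeout keeps this model short."""
    def __init__(self, state_timeout: float = 5.0):
        self.timeout = state_timeout
        self.states: dict[tuple, float] = {}   # flow key -> expiry time

    def evaluate(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.dst, pkt.dport)
        expiry = self.states.get(key)
        if expiry is not None and pkt.t < expiry:
            self.states[key] = pkt.t + self.timeout  # known state: refresh and pass
            return "pass(state)"
        self.states.pop(key, None)                   # expired or never existed
        if matches_rule_64(pkt):
            self.states[key] = pkt.t + self.timeout  # SYN creates the state
            return "pass(@64)"
        return "block(@91)"                          # non-SYN with no state

def replay(packets, state_timeout: float = 5.0):
    fw = PfModel(state_timeout)
    return [(p.flags, fw.evaluate(p)) for p in packets]

# Constructed timeline from one client, mirroring the log Bob described.
SAMPLE = [
    Packet("203.0.113.5", HTTPS_SERVER, HTTPS_PORT, "S", 0.0),   # handshake
    Packet("203.0.113.5", HTTPS_SERVER, HTTPS_PORT, "A", 0.2),   # inside state
    Packet("203.0.113.5", HTTPS_SERVER, HTTPS_PORT, "FA", 9.0),  # late FIN, state gone
    Packet("203.0.113.5", HTTPS_SERVER, HTTPS_PORT, "S", 9.5),   # new connection
]

if __name__ == "__main__":
    for flags, verdict in replay(SAMPLE):
        print(f"{flags:>3} -> {verdict}")
```

The third packet is the "blocked by the default deny" entry: it is harmless because the client's connection is already closing, which is why nobody complains.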