TCP:PA not following firewall rule?
-
I wanted to ban all outbound traffic to Russia except for the Kaspersky network. I have a dual WAN setup.
I set up rules on LAN interface like this:
Kaspersky is a network alias:
Strangely enough, I found in the firewall logs a lot of TCP:PA and TCP:A entries that were meant for the Kaspersky network. In other words, the first rule does not catch TCP:PA and TCP:A.
I have also tried a few things, but none of them work:
- marking the "Any" TCP flags checkbox in the first rule so the rule is supposed to catch everything.
- leaving the Gateway at default
- changing the protocol from Any to TCP/UDP
Is it a bug in pfSense 2.5? How can I get rid of the noise in the Ban rule?
-
@bchan said in TCP:PA not following firewall rule?:
the first rule does not catch TCP:PA and TCP:A.
No, what that means is there is no state for those.. If the firewall never sees a SYN to create a state, or the state gets removed (say a loss of gateway, and you have flush states on that).. etc..
https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html
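The distinction made in the reply (a SYN that a rule actually blocked versus an ACK/PSH-ACK packet that was dropped only because no state existed) can be checked mechanically before chasing a rule bug. The script below is an added example and is not part of this thread or of pfSense itself: it takes rows in the shape the pfSense GUI firewall log displays (action, interface, source, destination, protocol with TCP flags such as `TCP:PA`) and sorts the blocked entries into "new-connection" (SYN only, a genuine rule decision) and "out-of-state" (any flag combination without a lone SYN, which pf drops regardless of your rules). The log rows, the column layout and the `ALLOWED_NETS` alias contents are constructed placeholders, not values from the post.

```python
import ipaddress
from collections import Counter

# Constructed sample rows, assumed to follow the pfSense GUI log columns:
# (action, interface, source:port, destination:port, protocol[:tcpflags]).
# Addresses are documentation ranges, not real hosts.
SAMPLE_LOG = [
    ("block", "LAN", "192.168.1.20:51234", "198.51.100.10:443", "TCP:S"),
    ("block", "LAN", "192.168.1.20:51235", "198.51.100.10:443", "TCP:PA"),
    ("block", "LAN", "192.168.1.20:51235", "198.51.100.10:443", "TCP:A"),
    ("block", "LAN", "192.168.1.21:49000", "203.0.113.5:80", "TCP:FA"),
    ("block", "LAN", "192.168.1.22:60000", "203.0.113.9:53", "UDP"),
]

# Stand-in for a "pass" network alias (hypothetical; the real alias contents
# are not given in the thread). Used only to show whether an out-of-state
# block hit a destination the rules would otherwise allow.
ALLOWED_NETS = [ipaddress.ip_network("198.51.100.0/24")]


def tcp_flags(proto_field):
    """Return the set of TCP flag letters from a 'TCP:PA' style field, or None for non-TCP."""
    if not proto_field.upper().startswith("TCP"):
        return None
    _, _, flags = proto_field.partition(":")
    return set(flags.upper())


def classify(entry):
    """Label one log row by what the block actually means."""
    _action, _iface, _src, _dst, proto = entry
    flags = tcp_flags(proto)
    if flags is None:
        return "non-tcp"
    if flags == {"S"}:
        # A bare SYN is the start of a connection: pf evaluated the rule
        # set for it, so this is a real rule match.
        return "new-connection"
    # ACK, PSH-ACK, FIN-ACK, SYN-ACK... without a matching state entry.
    # pf drops these before rule evaluation, so no rule "failed" here.
    return "out-of-state"


def dest_ip(entry):
    """Strip the port from an IPv4 'addr:port' column (IPv4 only in this sample)."""
    host, _, _port = entry[3].rpartition(":")
    return ipaddress.ip_address(host)


def in_allowed_alias(entry):
    """True if the destination falls inside the stand-in pass alias."""
    ip = dest_ip(entry)
    return any(ip in net for net in ALLOWED_NETS)


def summarize(entries):
    """Count blocked rows per category."""
    return Counter(classify(e) for e in entries)


def suspicious_out_of_state(entries):
    """Out-of-state blocks whose destination the rules would allow: pure state noise,
    not evidence that the pass rule is being skipped."""
    return [e for e in entries
            if classify(e) == "out-of-state" and in_allowed_alias(e)]


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    for row in suspicious_out_of_state(SAMPLE_LOG):
        print("state noise, not a rule miss:", row)
```

If nearly all of the entries for the allowed alias land in the "out-of-state" bucket while the SYNs are passed, the rule set is working and the noise comes from states being lost (a gateway flap with state flushing enabled, idle timeouts, or asymmetric paths across the two WANs), which is where the linked troubleshooting page sends you.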