Packets get blocked although rules present



  • Hi there,

    if I take a look at my logs I can see that there are packets blocked for which there seem to be rules. Like for http and imaps traffic…

    Why are these packets being blocked? Any hints? Why are there all these block out pppoe0 packets? Aren't these packets originating from LAN? Also some blocked packets from vr0 (LAN) on https? That is definitely allowed...

    00:00:00.000000 rule 2/0(match): block out on pppoe0: xxxx.53961 > 174.36.30.4.80:  tcp 32 [bad hdr length 0 - too short, < 20]
    00:00:01.401082 rule 2/0(match): block out on pppoe0: xxxx.46012 > 128.242.245.39.443:  tcp 59 [bad hdr length 0 - too short, < 20]
    00:00:04.398902 rule 1/0(match): block in on pppoe0: 80.67.29.6.993 > xxxx.10808: [|tcp]
    00:00:00.204593 rule 2/0(match): block out on pppoe0: xxxx.18542 > 80.67.29.6.993:  tcp 117 [bad hdr length 0 - too short, < 20]
    00:00:02.001601 rule 2/0(match): block out on pppoe0: xxxx.34999 > 174.36.30.4.80: [|tcp]
    00:00:02.001716 rule 2/0(match): block out on pppoe0: xxxx.44954 > 17.148.16.46.993: [|tcp]
    00:00:00.750211 rule 1/0(match): block in on vr0: 10.0.100.1.5353 > 10.0.100.254.5351: [|domain]
    00:00:00.000070 rule 1/0(match): block in on vr0: 10.0.100.1.52921 > 10.0.100.254.1900: UDP, length 129
    00:00:00.000189 rule 1/0(match): block in on vr0: 10.0.100.1.5353 > 10.0.100.254.5351: [|domain]
    00:00:00.000118 rule 1/0(match): block in on vr0: 10.0.100.1.52921 > 10.0.100.254.1900: UDP, length 128
    00:00:00.377061 rule 1/0(match): block in on pppoe0: 83.5.247.67.58943 > xxxx.6881:  tcp 32 [bad hdr length 0 - too short, < 20]
    00:00:00.221283 rule 1/0(match): block in on pppoe0: 17.148.16.31.25 > xxxx.54861: [|tcp]
    00:00:02.772713 rule 1/0(match): block in on pppoe0: 83.5.247.67.58943 > xxxx.6881: [|tcp]
    00:00:00.406350 rule 1/0(match): block in on pppoe0: 88.251.156.228.4378 > xxxx.6881: [|tcp]
    00:00:02.377476 rule 2/0(match): block out on pppoe0: xxxx.42938 > 209.85.149.103.443: [|tcp]
    00:00:00.000065 rule 2/0(match): block out on pppoe0: xxxx.41340 > 209.85.149.103.80: [|tcp]
    00:00:00.605864 rule 1/0(match): block in on pppoe0: 88.251.156.228.4378 > xxxx.6881: [|tcp]
    00:00:02.618127 rule 1/0(match): block in on pppoe0: 83.5.247.67.58943 > xxxx.6881: [|tcp]
    00:00:00.524507 rule 1/0(match): block in on vr0: 10.0.100.1.5353 > 10.0.100.254.5351: [|domain]
    00:00:00.000053 rule 1/0(match): block in on vr0: 10.0.100.1.52921 > 10.0.100.254.1900: UDP, length 129
    00:00:02.477986 rule 1/0(match): block in on vr0: 10.0.100.1.50467 > 184.154.88.59.53: [|domain]
    00:00:00.879195 rule 2/0(match): block out on pppoe0: xxxx.44929 > 209.85.149.103.80: [|tcp]
    00:00:00.000065 rule 2/0(match): block out on pppoe0: xxxx.62412 > 174.36.30.4.80: [|tcp]
    00:00:00.818468 rule 1/0(match): block in on pppoe0: 17.149.37.10.5223 > xxxx.48138: [|tcp]
    00:00:06.787496 rule 2/0(match): block out on pppoe0: xxxx.17062 > 17.149.37.10.5223: [|tcp]
    00:00:00.100167 rule 1/0(match): block in on vr0: 10.0.100.1.57026 > 75.126.110.108.443: [|tcp]
    00:00:01.000960 rule 2/0(match): block out on pppoe0: xxxx.17448 > 209.85.149.103.443: [|tcp]
    00:00:00.700599 rule 2/0(match): block out on pppoe0: xxxx.3456 > 128.242.245.39.443: [|tcp]
    00:00:01.595090 rule 2/0(match): block out on pppoe0: xxxx.56259 > 80.67.29.6.993: [|tcp]
    00:00:00.716908 rule 1/0(match): block in on pppoe0: 174.36.30.4.80 > xxxx.60803: [|tcp]
    00:00:00.009077 rule 1/0(match): block in on pppoe0: 80.67.29.6.993 > xxxx.10808: [|tcp]
    00:00:02.282744 rule 2/0(match): block out on pppoe0: xxxx.24647 > 80.67.29.6.993: [|tcp]
    00:00:01.014576 rule 2/0(match): block out on pppoe0: xxxx.31072 > 17.148.16.46.993: [|tcp]
    00:00:00.831301 rule 1/0(match): block in on pppoe0: 174.36.30.4.80 > xxxx.60803: [|tcp]
    00:00:00.179098 rule 1/0(match): block in on vr0: 10.0.100.1.50247 > 80.67.29.6.993: [|tcp]
    00:00:00.977670 rule 1/0(match): block in on vr0: 10.0.100.1.50247 > 80.67.29.6.993: [|tcp]
    00:00:01.000969 rule 2/0(match): block out on pppoe0: xxxx.22691 > 17.148.16.46.993: [|tcp]
    00:00:00.000064 rule 2/0(match): block out on pppoe0: xxxx.9982 > 17.148.17.81.993: [|tcp]
    00:00:00.000057 rule 2/0(match): block out on pppoe0: xxxx.37929 > 80.67.29.6.993: [|tcp]
    00:00:01.000830 rule 1/0(match): block in on vr0: 10.0.100.1.50247 > 80.67.29.6.993: [|tcp]
    00:00:01.010079 rule 2/0(match): block out on pppoe0: xxxx.17871 > 17.148.16.46.993: [|tcp]
    00:00:00.991669 rule 2/0(match): block out on pppoe0: xxxx.49996 > 17.148.16.46.993: [|tcp]
    00:00:00.179451 rule 1/0(match): block in on pppoe0: 17.148.17.81.993 > xxxx.43796: [|tcp]
    00:00:00.676434 rule 1/0(match): block in on pppoe0: 17.148.17.81.993 > xxxx.43796: [|tcp]
    00:00:01.145686 rule 2/0(match): block out on pppoe0: xxxx.49945 > 17.148.16.46.993: [|tcp]
    00:00:00.000091 rule 1/0(match): block in on vr0: 10.0.100.1.50247 > 80.67.29.6.993: [|tcp]
    00:00:00.212210 rule 1/0(match): block in on pppoe0: 17.148.17.81.993 > xxxx.43796: [|tcp]
    00:00:01.868201 rule 78/8(ip-option): pass in on ath0_wlan0: 172.16.100.5 > 224.0.0.2: igmp leave 224.0.0.251
    00:00:00.006405 rule 78/8(ip-option): pass in on ath0_wlan0: 172.16.100.5 > 224.0.0.251: igmp v2 report 224.0.0.251
    00:00:00.870603 rule 1/0(match): block in on pppoe0: 17.148.17.81.993 > xxxx.43796: [|tcp]
    00:00:01.045806 rule 2/0(match): block out on pppoe0: xxxx.28181 > 17.148.16.46.993: [|tcp]
    
    




  • Thanks for the info!

