Netgate Discussion Forum

    Unable to disable firewall rule

      nsnidanko

      I have a problem with pfSense 2.0.1 (i386) blocking all TCP:RA and TCP:PA packets. I've tried changing mode to "conservative" but it didn't help.

      Firewall log shows the following rule is responsible for this:

      scrub in on vr0 all no-df fragment reassemble

      vr0 is the LAN interface.

      What can I disable to remove this rule?

      Thanks

        jimp Rebel Alliance Developer Netgate

        That means you have asymmetric routing. Those are not packets that create a connection (those would be TCP:S); those are part of an existing connection or an attempt to establish one.

        The firewall rules only match on packets that create connections, so if (for example) the initial traffic takes a different path and pfSense only sees the return traffic, it gets blocked.

        Some more information about the context in which you are seeing those errors would help.

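The behavior described in the reply above, as an added example that is not part of the original posts and is not pf's or pfSense's code: a toy Python model of a stateful filter in which only a TCP:S packet matching a pass rule creates state. The class, the rule predicate and the addresses are constructed for illustration.

```python
from collections import namedtuple

# Constructed packet record; flags use the firewall log's notation (S, SA, A, PA, RA).
Packet = namedtuple("Packet", "src sport dst dport flags")


class StatefulFilter:
    """Toy model: a pass rule creates state only on a bare SYN (TCP:S)."""

    def __init__(self, allow_new):
        self.allow_new = allow_new   # hypothetical pass-rule predicate
        self.states = set()          # tracked connections, direction-independent

    @staticmethod
    def _key(p):
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def handle(self, p):
        key = self._key(p)
        if key in self.states:
            return "pass"            # belongs to a connection the firewall saw open
        if p.flags == "S" and self.allow_new(p):
            self.states.add(key)     # only TCP:S may create a state entry
            return "pass"
        return "block"               # out-of-state packet, never evaluated as "new"


def pkt(a, b, flags):
    return Packet(a[0], a[1], b[0], b[1], flags)


def run(packets):
    # Assumed rule set: allow new connections sourced from the LAN subnet.
    fw = StatefulFilter(allow_new=lambda p: p.src.startswith("192.168.1."))
    return [(p.flags, fw.handle(p)) for p in packets]


LAN_HOST, PEER = ("192.168.1.10", 50000), ("198.51.100.5", 80)  # constructed

# Symmetric path: the firewall sees the SYN and everything after it.
SYMMETRIC = [pkt(LAN_HOST, PEER, "S"), pkt(PEER, LAN_HOST, "SA"),
             pkt(LAN_HOST, PEER, "A"), pkt(LAN_HOST, PEER, "PA"),
             pkt(PEER, LAN_HOST, "PA"), pkt(LAN_HOST, PEER, "RA")]

# Asymmetric path: the SYN reached the LAN host another way, so the
# firewall only sees the host's replies arriving on the LAN interface.
ASYMMETRIC = [pkt(LAN_HOST, PEER, f) for f in ("SA", "PA", "RA")]

if __name__ == "__main__":
    print("symmetric :", run(SYMMETRIC))
    print("asymmetric:", run(ASYMMETRIC))
```

In the asymmetric run the source address would satisfy the pass rule, yet every packet is blocked because none of them is a TCP:S that could open state.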
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.