Blocks



  • Hi people, I have a doubt. What do these mean?
    *TCP:FA
    *TCP:RA
    *TCP:R

    I see some connections blocked with that info, and they should be passed, on my WAN interface.
    I have a NAT rule:
    WAN TCP/UDP * * WAN address 80 (HTTP) 10.20.11.3 80 (HTTP) HTTP

    I get this in logs:
    block
    Mar 12 09:07:06 WAN 190.23.10.51:10139 10.20.11.3:80 TCP:R
    block
    Mar 12 08:43:12 WAN 130.120.110.15:52030 10.20.11.3:80 TCP:RA
    block
    Mar 12 08:43:02 WAN 130.120.110.15:52032 10.20.11.3:80 TCP:FA

    Thanks


  • LAYER 8 Global Moderator

    Look at your :R :FA, etc

    The firewall will pass traffic based upon state; if you get a state mismatch then traffic can be blocked. If traffic shows FA,

    TCP Flags: F - FIN, S - SYN, A or . - ACK, R - RST, P - PSH, U - URG, E - ECE, W - CWR

    It's a FIN ACK - but if the firewall does not show the correct state for the session then it would block that sort of packet.

    If you reboot pfSense, or clear the states, then yeah, you can see those quite often. Or with wireless it can happen too if you drop packets and then get packets with wrong state on them, etc.

    Common to see such traffic.
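
As an added example (not part of the original posts and not pfSense code), a short Python parser for the log layout quoted in the question: it expands the flag letters from the legend above and separates teardown packets that arrive without a matching state from bare SYNs. The `classify` labels are an assumed heuristic, and the last sample line is constructed for contrast.

```python
import re

# Flag letters as listed in the reply above ('.' is an alternative for ACK).
FLAGS = {"F": "FIN", "S": "SYN", "A": "ACK", ".": "ACK", "R": "RST",
         "P": "PSH", "U": "URG", "E": "ECE", "W": "CWR"}

# Layout from the question: "Mar 12 09:07:06 WAN 190.23.10.51:10139 10.20.11.3:80 TCP:R"
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+"
                  r"(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP:(?P<flags>[FSARPUEW.]+)$")

def decode_flags(letters):
    """Expand a flag string such as 'FA' into ['FIN', 'ACK']."""
    return [FLAGS[c] for c in letters]

def classify(letters):
    """Label a blocked TCP packet by its flags (heuristic labels, an assumption)."""
    names = set(decode_flags(letters))
    if names == {"SYN"}:
        return "new-connection"         # bare SYN: a rule decision, not a state mismatch
    if "RST" in names or "FIN" in names:
        return "out-of-state-teardown"  # close/reset for a state the firewall no longer holds
    return "out-of-state-other"

def parse(log_text):
    """Return one dict per log entry; 'block' action lines and blanks are skipped."""
    rows = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            rows.append({**m.groupdict(), "names": decode_flags(m["flags"]),
                         "kind": classify(m["flags"])})
    return rows

# First three entries are from the question; the last one is constructed.
SAMPLE = """\
block
Mar 12 09:07:06 WAN 190.23.10.51:10139 10.20.11.3:80 TCP:R
block
Mar 12 08:43:12 WAN 130.120.110.15:52030 10.20.11.3:80 TCP:RA
block
Mar 12 08:43:02 WAN 130.120.110.15:52032 10.20.11.3:80 TCP:FA
block
Mar 12 09:10:00 WAN 203.0.113.7:40000 10.20.11.3:80 TCP:S
"""

if __name__ == "__main__":
    for r in parse(SAMPLE):
        print(r["ts"], r["src"], "->", r["dst"], "+".join(r["names"]), r["kind"])
```

Entries labelled `out-of-state-teardown` match the harmless pattern described in the reply; a blocked `new-connection` entry is the one that would point at a rule or NAT problem instead.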

