demian last edited by
Hi people, I have a doubt,What does these mean?
I see some connections blocked where with that info, and they should be passed, on my WAN interface..
I have a NAT rule:
WAN TCP/UDP * * WAN address 80 (HTTP) 10.20.11.3 80 (HTTP) HTTP
I get this in logs:
Mar 12 09:07:06 WAN 18.104.22.168:10139 10.20.11.3:80 TCP:R
Mar 12 08:43:12 WAN 22.214.171.124:52030 10.20.11.3:80 TCP:RA
Mar 12 08:43:02 WAN 126.96.36.199:52032 10.20.11.3:80 TCP:FA
Look at your :R :FA, etc
Firewall will pass traffic based upon state, if you get a state mismatch then traffic can be blocked. If traffic shows FA,
TCP Flags: F - FIN, S - SYN, A or . - ACK, R - RST, P - PSH, U - URG, E - ECE, W - CWR
Its a Fin Ack - but if firewall does not show correct state for the session then it would block that sort of packet.
if you reboot pfsense, or clear the states then yeah you can see those quite often. Or wireless can happen too if you drop packets and then get packets with wrong state on them, etc.
Common to see such traffic.