4. Blocks

Blocks

  • D

    Hi people, I have a doubt,What does these mean?
    *TCP:FA
    *TCP:RA
    *TCP:R

    I see some connections blocked where with that info, and  they should be passed, on my WAN interface..
    I have  a NAT rule:
    WAN TCP/UDP * * WAN address 80 (HTTP) 10.20.11.3 80 (HTTP) HTTP

    I get this in logs:
    block
    Mar 12 09:07:06 WAN 190.23.10.51:10139 10.20.11.3:80 TCP:R
    block
    Mar 12 08:43:12 WAN 130.120.110.15:52030 10.20.11.3:80 TCP:RA
    block
    Mar 12 08:43:02 WAN 130.120.110.15:52032 10.20.11.3:80 TCP:FA

    thanks

    0
  • LAYER 8 Global Moderator

    Look at your :R :FA, etc

    Firewall will pass traffic based upon state, if you get a state mismatch then traffic can be blocked.  If traffic shows FA,

    TCP Flags: F - FIN, S - SYN, A or . - ACK, R - RST, P - PSH, U - URG, E - ECE, W - CWR

    Its a Fin Ack - but if firewall does not show correct state for the session then it would block that sort of packet.

    if you reboot pfsense, or clear the states then yeah you can see those quite often.  Or wireless can happen too if you drop packets and then get packets with wrong state on them, etc.

    Common to see such traffic.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy