• Hi people, I have a doubt. What do these mean?

    I see some connections blocked with that info, and they should be passed, on my WAN interface.
    I have a NAT rule:
    WAN TCP/UDP * * WAN address 80 (HTTP) 80 (HTTP) HTTP

    I get this in logs:
    Mar 12 09:07:06 WAN TCP:R
    Mar 12 08:43:12 WAN TCP:RA
    Mar 12 08:43:02 WAN TCP:FA


  • LAYER 8 Global Moderator

    Look at your :R :FA, etc

    Firewall will pass traffic based upon state; if you get a state mismatch then traffic can be blocked. If traffic shows FA,

    TCP Flags: F - FIN, S - SYN, A or . - ACK, R - RST, P - PSH, U - URG, E - ECE, W - CWR

    It's a FIN ACK - but if firewall does not show correct state for the session then it would block that sort of packet.

    If you reboot pfSense, or clear the states, then yeah, you can see those quite often. Or with wireless it can happen too if you drop packets and then get packets with wrong state on them, etc.

    Common to see such traffic.
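The behaviour described in the reply above, as an added Python sketch (not code from the thread or from pfSense): a simplified model of a stateful filter in which only an initial SYN to an allowed port creates state, so FA, RA and R packets that arrive after the states are cleared are blocked. The `StatefulFilter` class, addresses and ports are constructed for the example.

```python
# Simplified model of stateful TCP filtering; an assumption-based sketch,
# not pf's real state machine. Flag letters follow the legend in the reply.
FLAG_NAMES = {"F": "FIN", "S": "SYN", "A": "ACK", ".": "ACK", "R": "RST",
              "P": "PSH", "U": "URG", "E": "ECE", "W": "CWR"}

def decode_flags(flags):
    """Expand a log flag string such as 'FA' into ['FIN', 'ACK']."""
    return [FLAG_NAMES[c] for c in flags]

class StatefulFilter:
    def __init__(self, open_ports):
        self.open_ports = set(open_ports)   # ports allowed by a pass rule
        self.states = set()                 # tracked connections

    def clear_states(self):
        """Models a reboot or a manual state reset."""
        self.states.clear()

    def handle(self, src, sport, dst, dport, flags):
        key = frozenset([(src, sport), (dst, dport)])  # same key both ways
        if key in self.states:
            return "pass"                   # packet belongs to a known state
        names = decode_flags(flags)
        # No state: only a connection-opening SYN (no ACK) may create one.
        if "SYN" in names and "ACK" not in names and dport in self.open_ports:
            self.states.add(key)
            return "pass"
        return "block"                      # out-of-state packet is dropped

def replay():
    """Replay a constructed session: handshake, state reset, late packets."""
    fw = StatefulFilter(open_ports=[80])
    client, server = ("198.51.100.7", 40000), ("203.0.113.10", 80)
    results = [("S", fw.handle(*client, *server, "S")),
               ("SA", fw.handle(*server, *client, "SA")),
               ("A", fw.handle(*client, *server, "A"))]
    fw.clear_states()                       # states lost, client unaware
    for flags in ("FA", "RA", "R"):         # the flags seen in the log above
        results.append((flags, fw.handle(*client, *server, flags)))
    return results

if __name__ == "__main__":
    for flags, verdict in replay():
        print(f"TCP:{flags:<2} {'+'.join(decode_flags(flags)):<8} {verdict}")
```
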
