Why is TCP:FA blocked?
-
I am seeing a lot of this in the pfSense logs:
block Apr 1 10:51:29 LAN 10.0.8.58:49241 205.213.111.82:8760 TCP:FA
block Apr 1 10:51:29 LAN 10.0.8.58:49235 205.213.111.82:8760 TCP:FA
block Apr 1 10:51:29 LAN 10.0.8.58:49242 205.213.111.82:8760 TCP:FA
block Apr 1 10:51:29 LAN 10.0.8.58:49256 205.213.111.82:8760 TCP:FA======
However, I have this rule in the firewall config that enables everything outgoing to this address:
LAN tab, Pass any protocol:
-
-
- Our_Proxy * * none Our Proxy access
-
Aliases:
Our_Proxy 205.213.111.132, 205.213.111.122, 205.213.111.82, 205.213.111.78, 205.213.111.90 enable proxy access========
I don't know what TCP:FA is, or why it should be blocked if everything is supposed to be passed.
-
-
That is part of a connection teardown. It's not blocking any user data.
http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F -
Is there a way to drop this from the firewall logs if it's not important?
Out of the internal 2000 lines of logging, I am only seeing about 10 minutes of data in the middle of the day because of the huge numbers of denied TCP:FA logged.
-
You can setup a floating rule to pass or block in/out on the LAN for TCP matching just those flags and then it will not log them (so long as that rule is not set to log…)