Why is TCP:FA blocked?
I am seeing a lot of this in the pfSense logs:
block Apr 1 10:51:29 LAN 10.0.8.58:49241 22.214.171.124:8760 TCP:FA
block Apr 1 10:51:29 LAN 10.0.8.58:49235 126.96.36.199:8760 TCP:FA
block Apr 1 10:51:29 LAN 10.0.8.58:49242 188.8.131.52:8760 TCP:FA
block Apr 1 10:51:29 LAN 10.0.8.58:49256 184.108.40.206:8760 TCP:FA
However, I have this rule in the firewall config that enables everything outgoing to this address:
LAN tab, Pass any protocol:
- Our_Proxy * * none Our Proxy access
Our_Proxy 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52 enable proxy access
I don't know what TCP:FA is, or why it should be blocked if everything is supposed to be passed.
That is part of a connection teardown. It's not blocking any user data.
Is there a way to drop this from the firewall logs if it's not important?
Out of the internal 2000 lines of logging, I am only seeing about 10 minutes of data in the middle of the day because of the huge numbers of denied TCP:FA logged.
You can setup a floating rule to pass or block in/out on the LAN for TCP matching just those flags and then it will not log them (so long as that rule is not set to log…)