    FIN/RST packets blocked

    Firewalling
    mawi

      Hi,

      I hope this isn't a silly question, but I didn't find out by myself and it might be a piece of cake for somebody more experienced with pfSense:
      Looking in the firewall log I see that all TCP:FA or TCP:RA packets are blocked. I don't find any setting or rule to do so and, honestly, I don't see a reason to block packets which (to my understanding) just terminate an existing TCP connection. I don't consider this an issue, but I'd appreciate it if anybody could enlighten me… and I'd like to get rid of the logging entries!

      Thx!

      I don't think this is important, but just for the records: 2.0.1-RELEASE (i386) / FreeBSD 8.1-RELEASE-p6

      Best regards,
      Markus

      jimp (Rebel Alliance Developer, Netgate)

        Probably this: http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F

        Most likely, the connections were already allowed, but the states were removed, and then after the states were removed, another packet came through. Especially common if transparent squid is involved.

        adam65535

          When 2.1 is released you will be able to not log those leftover packets from a previous connection by blocking the TCP packets with certain TCP Options set right at the beginning of your rule base.  This was not possible until a recent change was made on a 2.1 RC snapshot.
          See… http://forum.pfsense.org/index.php/topic,63449.msg343455.html#msg343455

          Note the above discussion blocks without logging the leftover FIN/ACK packets.  If you want to also not log the FIN/RST packets you would need to create another rule but with the TCP flags settings changed to TCP Flags: SET:FIN,RST  OUTOF:FIN,SYN,RST,ACK,URG.

          Before the latest snapshot of 2.1 a week or two ago you could not set TCP options for a block rule. Well, you could specify them, but if you ever did create such a rule pfSense would strip off the TCP options and block connections you didn't want to block.

          1 Reply Last reply Reply Quote 0
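          As an added illustration (not from this thread and not pfSense's own generated ruleset), here is what the "block without logging" rules described above look like in raw pf.conf syntax. The GUI setting "TCP Flags: SET:FIN,ACK OUTOF:FIN,SYN,RST,ACK,URG" corresponds to pf's `flags FA/FSRAU`. The interface name `em0` is a placeholder; on a real pfSense box you would create these as WAN firewall rules with "Log" unchecked rather than edit pf.conf by hand.

```pf
# Added example, not pfSense's own rules. Quietly drop stray segments from
# connections whose state pf has already expired, so they no longer hit the
# logged default deny. "em0" is a placeholder for the WAN interface.
#
# pf looks up existing states before it evaluates the ruleset, so a FIN/ACK
# or RST/ACK that still belongs to a live connection is handled by its state
# entry and never reaches these rules; only stateless leftovers fall through.

wan_if = "em0"

# FIN/ACK leftovers (shown as TCP:FA in the log).
# "FA/FSRAU" means: of the flags F,S,R,A,U, exactly FIN and ACK are set.
block in quick on $wan_if proto tcp flags FA/FSRAU

# RST/ACK leftovers (shown as TCP:RA in the log).
block in quick on $wan_if proto tcp flags RA/FSRAU

# The logged default deny stays at the end, so anything genuinely unexpected
# (for example a stray SYN) is still recorded.
block in log all
```

          Syntax-check a fragment like this with `pfctl -nf rules.conf` before loading it. `pfctl -s timeouts` shows the tcp.closed and tcp.finwait values that decide how quickly pf drops a state after it sees FIN or RST, and `pfctl -s states` lists the states currently held; together they show why a late FIN/ACK or RST/ACK no longer has a state to match and ends up at the default deny.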
          mawi

            So at least it wasn't a silly question though…  :)

            Thanks for the comments/hints!
