FIN/RST packets blocked
-
Hi,
I hope this isn't a silly question, but I didn't find out by myself and it might be a piece of cake for somebody more experienced with pfSense:
Looking in the firewall log I see that all TCP:FA or TCP:RA packets are blocked. I don't find any setting or rule to do so and honestly, I don't see a reason to block packets which (to my understanding) just terminate an existing TCP connection. I don't consider this an issue but I'd appreciate it if anybody could enlighten me… and I'd like to get rid of the logging entries! Thx!
I don't think this is important, but just for the records: 2.0.1-RELEASE (i386) / FreeBSD 8.1-RELEASE-p6
Best regards,
Markus -
Probably this: http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F
Most likely, the connections were already allowed, but the states were removed, and then after the states were removed, another packet came through. Especially common if transparent squid is involved.
-
When 2.1 is released you will be able to not log those leftover packets from a previous connection by blocking the TCP packets with certain TCP Options set right at the beginning of your rule base. This was not possible until a recent change was made on a 2.1 RC snapshot.
See… http://forum.pfsense.org/index.php/topic,63449.msg343455.html#msg343455
Note: the above discussion blocks without logging the leftover FIN/ACK packets. If you want to also not log the FIN/RST packets you would need to create another rule but with the TCP flags settings changed to TCP Flags: SET:FIN,RST OUTOF:FIN,SYN,RST,ACK,URG.
Before the latest snapshot of 2.1 a week or two ago you could not set TCP options for a block rule. Well, you could specify them, but if you ever did create such a rule pfSense would strip off the TCP options and block connections you didn't want to block.
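An added example, not code from this thread or from pfSense: it models pf's `flags SET/OUT_OF` matching (pf.conf syntax `flags FA/FSRAU`, which is what the GUI's "SET ... OUTOF ..." fields generate) so you can see which stateless packets a quiet block rule at the top of the rule base will swallow and which will still fall through to a logged default deny. The rule base, the RST/ACK rule and the `TCP:FA`-style entries are constructed for the example; only the FIN/ACK rule comes from the linked discussion.

```python
# Added example, not code from the forum thread or from pfSense itself.
# Models pf's "flags SET/OUT_OF" rule matching so a quiet block rule can be
# checked against sample packets before it goes to the top of a rule base.

TCP_FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}


def flags_to_bits(letters):
    """'FA' -> FIN|ACK bitmask. Raises KeyError on an unknown flag letter."""
    bits = 0
    for ch in letters:
        bits |= TCP_FLAG_BITS[ch]
    return bits


def pf_flags_match(packet_flags, set_flags, out_of):
    """pf semantics for 'flags SET/OUT_OF': of the flags listed in OUT_OF,
    exactly those in SET must be on; flags outside OUT_OF are ignored.
    An empty OUT_OF matches every packet (a rule with no flags condition)."""
    have = flags_to_bits(packet_flags)
    want = flags_to_bits(set_flags)
    mask = flags_to_bits(out_of)
    return (have & mask) == want


# Constructed rule base, evaluated top-down with every rule treated as 'quick'.
# The FIN/ACK rule is the one the linked discussion describes; the RST/ACK rule
# is an assumption of this example for the TCP:RA entries the first post saw.
# Fields: (label, action, logged, set_flags, out_of)
RULESET = [
    ("quiet-fin-ack", "block", False, "FA", "FSRAU"),
    ("quiet-rst-ack", "block", False, "RA", "FSRAU"),  # assumed, not from the thread
    ("allow-new-tcp", "pass",  False, "S",  "SA"),     # pf's default flags S/SA
    ("default-deny",  "block", True,  "",   ""),       # matches anything, logged
]


def first_match(packet_flags, ruleset=RULESET):
    """Return (label, action, logged) of the first rule the packet hits."""
    for label, action, logged, set_flags, out_of in ruleset:
        if pf_flags_match(packet_flags, set_flags, out_of):
            return label, action, logged
    raise ValueError("no rule matched")  # unreachable with a catch-all last rule


def log_flags_from_entry(entry):
    """Take the 'TCP:FA' notation the firewall log uses and return 'FA'."""
    proto, sep, flags = entry.partition(":")
    if proto != "TCP" or not sep:
        raise ValueError("not a TCP flag entry: %r" % entry)
    return flags


def still_logged(entry, ruleset=RULESET):
    """Would a stateless packet shown as e.g. 'TCP:FA' still produce a log line?"""
    return first_match(log_flags_from_entry(entry), ruleset)[2]


if __name__ == "__main__":
    # Constructed sample entries in the log's TCP:<flags> notation.
    for entry in ("TCP:FA", "TCP:RA", "TCP:FPA", "TCP:S", "TCP:SA", "TCP:R"):
        label, action, logged = first_match(log_flags_from_entry(entry))
        print("%-8s -> %-14s %-5s logged=%s" % (entry, label, action, logged))
```

pf consults the state table before it walks the rule set, so rules like these only ever see packets whose state has already gone, which is exactly the leftover case from the first reply. The sample run also shows what such a pair of rules does not cover: a stateless SYN/ACK or a bare RST still reaches the logged default deny, so add or drop flag combinations to match what your own log keeps showing.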
-
So at least it wasn't a silly question though… :)
Thanks for the comments/hints!