Firewall Logging Fragments
OK… I did a bit of searching for this and found a doc, but would like to be clear.

In my firewall log I see entries like this:

IF: LAN
Source: Internal IP
Destination: External IP and either port 443 or 80
Proto: TCP

The log message is:
@3 scrub on ovpns2 all fragment reassemble
@3 block drop in log inet all label "Default deny rule IPv4"

ovpns2 is my OpenVPN server listening on TCP port 443
WebGUI is on port 80 (internal only)

The LAN interface has the default any any rule.

The question is: if states were being dropped, shouldn't I see this originating on the WAN interface? The LAN interface should just be passing it... no? Also, why is my ovpns2 network port being listed here? Especially for traffic destined for port 80 - that really confuses me.

I would really appreciate it if someone could explain this to me - and recommend the best way to remove it from my logs.

Thank you for any help!
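The two rule strings quoted in the post are pf rules in the form a pfSense rule dump prints them: `@N` is the rule number, followed by the action, optional direction, `log`, `quick`, `on <interface>`, address family and the rest of the rule including its `label`. The following is an added example (not the poster's or pfSense's own code) of a small Python parser for that line form, so that a rule dump can be searched for which rules actually carry `log` and which ones name a given interface. The third sample rule and the `em1`/`192.168.1.0/24` values are constructed for illustration and are not from the post; the comma-separated filterlog line pfSense writes to the raw log is a different format and is not parsed here.

```python
"""Parse pf rule-dump lines of the form '@N action ... label "..."'.

Added example; assumptions: the '@N' prefix is the pf rule number and the
token order follows the pf rule grammar (action, direction, log, quick,
'on' interface, address family, then the rest of the rule).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the first two lines are the ones quoted in the post;
# the third is a made-up LAN pass rule for illustration only.
SAMPLE_RULES = [
    '@3 scrub on ovpns2 all fragment reassemble',
    '@3 block drop in log inet all label "Default deny rule IPv4"',
    '@5 pass in quick on em1 inet proto tcp from 192.168.1.0/24 to any '
    'port 443 flags S/SA keep state label "USER_RULE: LAN to any (constructed)"',
]

# Token order per the pf rule grammar: action [blockopt] [in|out] [log [(opts)]]
# [quick] [on iface] [inet|inet6] <rest of rule>.
RULE_RE = re.compile(
    r'^@(?P<num>\d+)\s+'
    r'(?P<action>pass|block|match|scrub)'
    r'(?:\s+(?P<blockopt>drop|return|return-rst|return-icmp))?'
    r'(?:\s+(?P<dir>in|out))?'
    r'(?:\s+(?P<log>log)(?:\s*\((?P<logopts>[^)]*)\))?)?'
    r'(?:\s+(?P<quick>quick))?'
    r'(?:\s+on\s+(?P<iface>\S+))?'
    r'(?:\s+(?P<af>inet6?))?'
    r'\s+(?P<body>.*)$'
)
LABEL_RE = re.compile(r'label\s+"([^"]*)"')


@dataclass
class PfRule:
    number: int
    action: str            # pass / block / match / scrub
    direction: Optional[str]
    logs: bool             # True if the rule carries 'log'
    quick: bool
    iface: Optional[str]   # interface named after 'on', if any
    af: Optional[str]      # inet / inet6 / None
    label: Optional[str]
    body: str              # everything after the address family


def parse_pf_rule(line: str) -> PfRule:
    """Split one rule-dump line into its fields; raises on unrecognised input."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a pf rule dump line: {line!r}")
    label = LABEL_RE.search(m.group('body'))
    return PfRule(
        number=int(m.group('num')),
        action=m.group('action'),
        direction=m.group('dir'),
        logs=m.group('log') is not None,
        quick=m.group('quick') is not None,
        iface=m.group('iface'),
        af=m.group('af'),
        label=label.group(1) if label else None,
        body=m.group('body'),
    )


def logging_block_rules(lines: List[str]) -> List[Tuple[int, Optional[str]]]:
    """Rule number and label of every block rule that logs (what shows up in the firewall log)."""
    rules = (parse_pf_rule(l) for l in lines)
    return [(r.number, r.label) for r in rules if r.action == 'block' and r.logs]


def rules_on_interface(lines: List[str], iface: str) -> List[int]:
    """Rule numbers of rules bound to a given interface via 'on <iface>'."""
    return [r.number for r in (parse_pf_rule(l) for l in lines) if r.iface == iface]


if __name__ == "__main__":
    for line in SAMPLE_RULES:
        print(parse_pf_rule(line))
    print("logging block rules:", logging_block_rules(SAMPLE_RULES))
    print("rules on ovpns2:", rules_on_interface(SAMPLE_RULES, "ovpns2"))
```

Running it on the sample shows the scrub rule is a normalization rule bound to `ovpns2` that does not log, while the only logging entry among the three is the block rule labelled "Default deny rule IPv4", which has no `on <interface>` clause at all. The parser only classifies rule text; it does not determine why a particular packet matched a rule.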