Firewall Blocking TCP:S
I have a pfSense 2.1.
I have a WAN interface bridged with my DMZ interface.
My firewall rules are on the WAN interface (DMZ is allow all).
In the firewall rules I allow port 80, but I am getting a lot of these blocks in the logs:
TCP:S and TCP:FA
In system advanced firewall I added this rule: Bypass firewall rules for traffic on the same interface
In the firewall rules TCP flags I enabled and disabled any flags to see if it made a difference…
Can anyone help me out here?
Hi, yes, I read those posts and wanted to check out the docs, but:
There is currently no text in this page. You can search for this page title in other pages, or search the related logs.
When you have an allow rule and in advanced checked the TCP flags, it should allow them, right?
Those would explain FA blocks. What do you mean there is no text in this page? Those above links work fine for me.
If you're blocking S packets, you don't have a rule to allow the traffic, would be my guess. You say you have a bridge between WAN and DMZ. So is the traffic hitting the bridge interface or your WAN interface?
What rules do you have on your bridge?
jimp refers to a doc in the forum topic:
That is part of a connection teardown. It's not blocking any user data.
http://doc.pfsense.org/index.php/Logs_show_"blocked"_for_traffic_from_a_legitimate_connection,_why%3F <-- this link does work
My traffic is hitting the WAN section, where my rules are.
I will check it out by disabling some rules.
So FAs, yeah, normally mean an out-of-state issue. But SYN should be allowed if your firewall rules/forwards allow for it.
So post up your rules and/or forwards and let's take a look-see.
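
The distinction drawn in the replies above, as an added example that is not from any poster and is not pfSense code: a toy stateful filter in which only a bare SYN that matches a pass rule creates state, so a late FIN+ACK is blocked as out of state while a blocked SYN points to a missing rule. The rule set, state lifetime, interface names and addresses are assumptions constructed for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    t: float      # arrival time in seconds
    iface: str    # interface the packet arrived on
    src: str      # "ip:port"
    dst: str      # "ip:port"
    flags: str    # TCP flags as shown in the log: "S", "SA", "A", "FA"

PASS_RULES = {("wan", 80)}   # assumed rule set: pass TCP to port 80 on WAN
STATE_TTL = 30.0             # assumed state lifetime for this toy model

def evaluate(packets, pass_rules=PASS_RULES, ttl=STATE_TTL):
    """Return (flags, action, reason) per packet for a toy stateful filter."""
    states = {}   # connection endpoints -> time the state was last used
    out = []
    for p in sorted(packets, key=lambda pkt: pkt.t):
        key = frozenset((p.src, p.dst))
        last = states.get(key)
        if last is not None and p.t - last <= ttl:
            states[key] = p.t
            out.append((p.flags, "pass", "matches existing state"))
            continue
        states.pop(key, None)                     # expired or never existed
        dport = int(p.dst.rsplit(":", 1)[1])
        if p.flags != "S":
            # Only a bare SYN may open a connection; anything else needs state.
            out.append((p.flags, "block", "out of state"))
        elif (p.iface, dport) in pass_rules:
            states[key] = p.t
            out.append((p.flags, "pass", "pass rule created state"))
        else:
            out.append((p.flags, "block", "no pass rule for this SYN"))
    return out

# Constructed traffic (documentation addresses), not taken from the thread.
C, S80, S8080 = "203.0.113.5:40000", "198.51.100.10:80", "198.51.100.10:8080"
SAMPLE = [
    Packet(0.00, "wan", C, S80, "S"),  Packet(0.01, "dmz", S80, C, "SA"),
    Packet(0.02, "wan", C, S80, "A"),  Packet(1.00, "wan", C, S80, "FA"),
    Packet(1.10, "dmz", S80, C, "FA"), Packet(1.20, "wan", C, S80, "A"),
    Packet(60.0, "wan", C, S80, "FA"),      # late retransmit, state is gone
    Packet(61.0, "wan", C, S8080, "S"),     # SYN to a port with no pass rule
]

if __name__ == "__main__":
    for flags, action, reason in evaluate(SAMPLE):
        print(f"TCP:{flags:<2} {action:<5} {reason}")
```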