Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Direction=OUT

    Scheduled Pinned Locked Moved Firewalling
    7 Posts 4 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R Offline
      rands.rodriguez
      last edited by

      Hi there,

      I've been seeing this thing a lot lately. Any idea what does this one mean?

      Regards,
      Capture.PNG
      Capture.PNG_thumb

      1 Reply Last reply Reply Quote 0
      • jimpJ Offline
        jimp Rebel Alliance Developer Netgate
        last edited by

        Usually it means that a packet tried to flow back and the original state had been removed.

        You'll see that a lot with squid or some other similar transparent proxy active.

        https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • R Offline
          rands.rodriguez
          last edited by

          Hi jimp!

          Thanks for the assistance. I'm just wondering why this IP 192.168.0.182 looks like its trying to connect to multiple IP. In my network i see 4 of these IP having this strange connections.

          1 Reply Last reply Reply Quote 0
          • C Offline
            cmb
            last edited by

            That particular screenshot looks to be bittorrent traffic blocked out of state, which would explain large numbers of connections and relative frequency of out of state traffic.

            1 Reply Last reply Reply Quote 0
            • R Offline
              rands.rodriguez
              last edited by

              I also have these in my pfTop and its scrolling very fast.

              ![firewall log.jpg](/public/imported_attachments/1/firewall log.jpg)
              ![firewall log.jpg_thumb](/public/imported_attachments/1/firewall log.jpg_thumb)

              1 Reply Last reply Reply Quote 0
              • N Offline
                Nucleus
                last edited by

                Can someone please explain to me why the packets would make it to the LAN adapter if the state was removed?
                Shouldn't it be blocked at the WAN adapter and logged as such? Or is it showing the LAN adapter because that was where the state originated?

                1 Reply Last reply Reply Quote 0
                • jimpJ Offline
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  Most likely, the NAT state may have still been there (UPnP perhaps?) but the actual firewall state was gone.

                  Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.