Firewall blocks, even though a rule is set to allow *
-
block/1000000101
Dec 23 16:05:59 TWCFIBER 109.123.xxx.xxx:80 108.176.xxx.xxx:27226 TCP:SA
This is showing up in the firewall logs, but I have a * * * * * firewall entry set up for the interface to allow all IPv4 on all protocols for this destination address.
Any idea why this would be happening?
Background:
2 WAN coming in. Phone server connected to WAN1.
WAN1 and the phone server are using two public static IP addresses. The phone server is plugged into its own physical NIC on the pfSense box. That NIC is bridged to WAN1.
-
TCP:SA
Out of state traffic would be my guess
Post screenshots vs text; it is very difficult to make sense out of non-aligned text, etc.
https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection
Since you mention 2 wan I would guess asynchronous routing could be causing part of your problem.
-
I believe you're right, but how do you solve that situation?
-
Is there a problem to solve?
I see many hits like this and have no issues otherwise. That said, I never used to see these hits; has something changed?
Steve
-
Yes, out-of-state traffic is going to happen whether you have 1 WAN or multiple WANs. I see them mostly from my son's phone, possibly when it switches from cell to Wi-Fi and thinks it still has a session with whatever it was talking to, and doesn't set up a new state, etc.
Out-of-state traffic is bound to happen; it's just part of TCP and firewalls. It's nothing to worry about. If you don't want it in your logs, turning off logging of the default rule will remove lots of noise ;)
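To triage entries like the one quoted in the first post, the sketch below (an added example, not part of the thread and not pfSense code) separates blocked TCP packets that could only match an existing state from packets a pass rule could have matched. It assumes the column layout of the log line quoted above and pf's default TCP rule matching (SYN set, ACK clear); the addresses in the sample are constructed.

```python
import re

# Assumed layout, taken from the log line quoted in the thread:
# "<Mon DD HH:MM:SS> <interface> <src:port> <dst:port> <PROTO[:flags]>"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<iface>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>[A-Z0-9]+)(?::(?P<flags>[A-Z]+))?$"
)

def classify(line):
    """Return the parsed entry with a verdict, or None if the line does not parse."""
    m = LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    flags = entry["flags"] or ""
    starts_connection = "S" in flags and "A" not in flags
    if entry["proto"] == "TCP" and not starts_connection:
        # SYN-ACK, FIN-ACK, RST and similar packets are only passed when a
        # state entry already exists; an "allow all" rule creates state on the
        # initial SYN and therefore never matches them.
        entry["verdict"] = "out-of-state"
    else:
        # An initial SYN or a non-TCP packet that was blocked means no pass
        # rule matched it, which is a rule problem worth checking.
        entry["verdict"] = "no-pass-rule-match"
    return entry

def summarize(lines):
    """Count verdicts per interface so noise and real rule gaps stand apart."""
    counts = {}
    for line in lines:
        entry = classify(line)
        if entry is None:
            continue
        key = (entry["iface"], entry["verdict"])
        counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE = [
    "Dec 23 16:05:59 TWCFIBER 192.0.2.10:80 198.51.100.20:27226 TCP:SA",
    "Dec 23 16:06:02 TWCFIBER 192.0.2.10:80 198.51.100.20:27226 TCP:FA",
    "Dec 23 16:06:10 TWCFIBER 203.0.113.5:51514 198.51.100.20:23 TCP:S",
    "Dec 23 16:06:11 TWCFIBER 203.0.113.5:5060 198.51.100.20:5060 UDP",
]

if __name__ == "__main__":
    for key, count in sorted(summarize(SAMPLE).items()):
        print(key, count)
```

Only the `no-pass-rule-match` entries point at a missing or mis-ordered rule; the `out-of-state` ones are the log noise discussed in the replies.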