Netgate Discussion Forum

    Black Arrow in IF column in log

      terryp

      I have an ATT router and the WAN port of my pfSense box is connected to port 1 of that router, and it is set up as DMZ in the ATT router so the pfSense WAN IP is my actual Internet IP address. I have a lot of entries in the Firewall log that have a black arrow and "WAN" in the Interface column (see attached image) and the Source is my WAN IP and the target is an Internet external IP. The protocol is always TCP:FA or TCP:RA. Can someone please tell me what the black arrow in the IF column of the Firewall log is? Thank you in advance.
      log_interface.jpg

        jimp Rebel Alliance Developer Netgate

        The arrow means it's being blocked in the Outbound direction.

        https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection
        https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules

          terryp

          Thank you for the response. I had already researched and saw the page at the link you provided and went through the processes there. It did not resolve the issue.

          I have set no-logged firewall rules both allowing and blocking the WAN interface (one at a time, not both at once) outbound access to any host, internal or external, using any protocol as well as TCP / all flags allowed, as a test. It still blocks it and logs it, telling me that the rule is not applying.

          I believe the issue lies with a wireless router I have. I had flashed a Linksys/Cisco wireless router with DD-WRT and used one of their guides to set it up as a "dumb" switch. I then connected it to VLAN16 (192.168.16.0/24). All communications work well to and from the wireless hosts (ping, Internet access, etc).

          These log entries only appear when a wireless host is connected (such as a laptop or cell phone) and 90% of the external hosts are Google servers (they are all Android phones). So, I'm thinking it has something to do with the setup on the router. I'm looking further into it at DD-WRT's website. Thanks again for your response.

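To see which destinations account for the entries discussed in this thread, the following added example (not code from the forum posts or from pfSense) counts blocked, outbound-direction TCP:FA and TCP:RA packets in raw filterlog lines. The field positions are an assumption based on pfSense's raw filter log format for IPv4 TCP entries, and the sample lines, interface name and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines (documentation-range addresses). Field order is
# assumed from pfSense's raw filter log format for IPv4 TCP entries.
SAMPLE_LOG = """\
Feb  3 10:15:01 fw filterlog: 5,,,1000000103,em0,match,block,out,4,0x0,,64,0,0,DF,6,tcp,52,203.0.113.10,198.51.100.20,44321,443,0,FA,111,222,229,,
Feb  3 10:15:02 fw filterlog: 5,,,1000000103,em0,match,block,out,4,0x0,,64,0,0,DF,6,tcp,52,203.0.113.10,198.51.100.20,44321,443,0,FA,111,222,229,,
Feb  3 10:15:09 fw filterlog[412]: 5,,,1000000103,em0,match,block,out,4,0x0,,64,0,0,DF,6,tcp,40,203.0.113.10,198.51.100.21,44900,443,0,RA,333,444,0,,
Feb  3 10:16:00 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,52,0,0,DF,6,tcp,60,198.51.100.99,203.0.113.10,51515,22,0,S,555,,64240,,mss
Feb  3 10:16:05 fw filterlog: 9,,,1000000103,em0,match,block,in,4,0x0,,64,0,0,none,17,udp,76,198.51.100.7,203.0.113.10,123,123,56
Feb  3 10:16:30 fw sshd[900]: unrelated syslog line
"""

FILTERLOG = re.compile(r"filterlog(?:\[\d+\])?:\s*(.*)$")
TEARDOWN_FLAGS = {"FA", "RA"}  # the two flag sets reported in the thread


def parse_line(line):
    """Return a dict for an IPv4 TCP filterlog entry, or None for anything else."""
    m = FILTERLOG.search(line)
    if not m:
        return None
    f = m.group(1).split(",")
    # f[8] is the IP version and f[16] the protocol name; IPv6 and non-TCP
    # entries use different offsets, so they are skipped rather than misread.
    if len(f) < 24 or f[8] != "4" or f[16] != "tcp":
        return None
    return {"iface": f[4], "action": f[6], "direction": f[7],
            "src": f[18], "dst": f[19], "dport": f[21], "flags": f[23]}


def outbound_teardown_blocks(log_text):
    """Count blocked, outbound-direction FA/RA packets per (iface, dst, flags)."""
    hits = Counter()
    for line in log_text.splitlines():
        e = parse_line(line)
        if (e and e["action"] == "block" and e["direction"] == "out"
                and e["flags"] in TEARDOWN_FLAGS):
            hits[(e["iface"], e["dst"], e["flags"])] += 1
    return hits


if __name__ == "__main__":
    for (iface, dst, flags), n in outbound_teardown_blocks(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {iface} out -> {dst}  TCP:{flags}")
```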
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.