[SOLVED] What am I missing? Rule not working.
-
I have an interface named DMZ. There is a firewall rule to allow everything from "DMZ net" to any (except the LAN). But I'm seeing messages in the firewall log saying that traffic from the DMZ subnet is being blocked by a rule below that Allow rule. Why isn't the Allow rule matching that traffic, which should stop rule processing before it reaches the Block rule?
Screenshots attached.
-
It's probably an out of state TCP Reset ACK being blocked. Nothing to worry about.
-
Thank you! I did some research on "out of state" packets and found this:
https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection
and
https://forum.pfsense.org/index.php?topic=84331.0
Now I understand why the packets were matching my Rule#4 instead of Rule#3: Allow * doesn't apply to TCP packets unless they are already in a valid state or are a SYN.
Thanks again.
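
An added example, not part of the thread and not pfSense's own code: a simplified Python model of the behaviour described in the posts above, where a pass rule only matches a TCP packet that opens a connection (SYN set, ACK clear, pf's default `flags S/SA`) or that belongs to an existing state. The addresses, the DMZ prefix and all class and function names are constructed for illustration, and state is dropped immediately on FIN/RST as a simplification.

```python
# Simplified model of stateful TCP filtering (constructed; not pf source code).
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags as single letters, e.g. {"S"} or {"R", "A"}

def pkt(src, sport, dst, dport, flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

class Firewall:
    def __init__(self, dmz_prefix="192.168.2."):  # assumed DMZ subnet
        self.dmz_prefix = dmz_prefix
        self.states = set()

    def _key(self, p):
        # Direction-independent key so replies match the same state entry.
        return frozenset([(p.src, p.sport), (p.dst, p.dport)])

    def filter(self, p):
        key = self._key(p)
        if key in self.states:
            # Simplification: a FIN or RST removes the state at once.
            if "R" in p.flags or "F" in p.flags:
                self.states.discard(key)
            return "pass (state)"
        # Rule 3: pass from DMZ net to any, implicitly "flags S/SA keep state".
        # Of the S and A flags, only S may be set for the rule to match.
        if p.src.startswith(self.dmz_prefix) and p.flags & {"S", "A"} == {"S"}:
            self.states.add(key)
            return "pass (rule 3)"
        # Rule 4: block and log whatever no state or pass rule matched.
        return "block (rule 4)"

def demo():
    fw = Firewall()
    client, server = ("192.168.2.10", 51234), ("203.0.113.5", 443)
    trace = [
        pkt(*client, *server, "S"),   # new connection from the DMZ host
        pkt(*server, *client, "SA"),  # reply matches the state
        pkt(*client, *server, "A"),
        pkt(*client, *server, "FA"),  # teardown; state removed in this model
        pkt(*client, *server, "RA"),  # late RST/ACK: no state and not a SYN
    ]
    return [fw.filter(p) for p in trace]

if __name__ == "__main__":
    print(demo())
```

The last packet comes from the DMZ subnet yet is logged by the block rule, which is the log entry the original question describes.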