Netgate Discussion Forum

    Allowed rule being blocked TCP:PA

    General pfSense Questions
      firewalluser

      2.2.2-Release (AMD64)
      Built 13 Apr 20:10:22

      Does anyone know why two tcp packets TCP:PA were blocked (left hand screen attachment) when there was an allowed rule for this and all subsequent tcp packets were allowed as seen in the right hand screen attachment?

      Are the PA packets out of state packets by any chance as described here but showing TCP:FA, in the example?
      https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection

      pfsenseconfigurator-2015-05-29-09-19-25.PNG

      Capitalism, currently The World's best Entertainment Control System and YOU can't buy it! But you can buy this, or some of this or some of these

      Asch Conformity, mainly the blind leading the blind.

        KOM

        Most likely.

          Harvy66

          I disabled logging on default block entirely because of this crap from my wife's droid phone.

            firewalluser

            I was wondering if there is anything which can feed like a syslog message the rules being used when a packet passes through a bit like the option in the console, but ideally somewhere where I can log them for further analysis preferably in real time as some attacks can take place over weeks and months when time is not of the essence.

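Added example, not part of the thread or of pfSense itself: one way to analyse forwarded firewall syslog for the blocked TCP:PA / TCP:FA entries discussed above. It assumes the pfSense 2.2 `filterlog` CSV field order for IPv4 TCP entries; the log lines, addresses, rule numbers and tracker ids are constructed.

```python
from collections import Counter

# Assumed field order: pfSense 2.2 filterlog CSV layout for IPv4 TCP entries.
FIELDS = ("rule subrule anchor tracker iface reason action direction ipver tos "
          "ecn ttl id offset ipflags protonum proto length src dst sport dport "
          "datalen tcpflags seq ack window urg options").split()

def parse_filterlog(line):
    """Return a dict for an IPv4 TCP filterlog line, or None for anything else."""
    _, found, payload = line.partition("filterlog: ")
    row = payload.strip().split(",")
    if not found or len(row) < 24 or row[8] != "4" or row[16] != "tcp":
        return None
    row += [""] * (len(FIELDS) - len(row))   # trailing fields may be absent
    return dict(zip(FIELDS, row))

def classify(entry):
    """'pass', 'block-new' (bare SYN) or 'block-out-of-state' (any other block)."""
    if entry["action"] != "block":
        return entry["action"]
    flags = entry["tcpflags"]
    # Only a SYN without ACK can open a connection. A blocked PA, FA, A, R or SA
    # segment belongs to a connection the firewall no longer holds state for.
    if "S" in flags and "A" not in flags:
        return "block-new"
    return "block-out-of-state"

def out_of_state_summary(lines):
    """Count out-of-state blocks per (src, dst, dport, tcpflags)."""
    hits = Counter()
    for line in lines:
        e = parse_filterlog(line)
        if e and classify(e) == "block-out-of-state":
            hits[(e["src"], e["dst"], e["dport"], e["tcpflags"])] += 1
    return hits

# Constructed sample syslog lines (documentation addresses, made-up ids).
SAMPLE = [
    "May 29 09:19:20 fw filterlog: 70,16777216,,1432890001,em1,match,pass,in,4,0x0,,64,1001,0,DF,6,tcp,60,192.0.2.10,198.51.100.7,44321,443,0,S,100,,65535,,mss",
    "May 29 09:24:25 fw filterlog: 5,16777216,,1000000103,em1,match,block,in,4,0x0,,64,1002,0,DF,6,tcp,92,192.0.2.10,198.51.100.7,44321,443,40,PA,101,201,1024,,",
    "May 29 09:24:26 fw filterlog: 5,16777216,,1000000103,em1,match,block,in,4,0x0,,64,1003,0,DF,6,tcp,92,192.0.2.10,198.51.100.7,44321,443,40,PA,101,201,1024,,",
    "May 29 09:24:30 fw filterlog: 5,16777216,,1000000103,em0,match,block,in,4,0x0,,52,2001,0,DF,6,tcp,60,203.0.113.9,198.51.100.7,50222,23,0,S,900,,1024,,mss",
    "May 29 09:24:31 fw sshd[312]: Accepted publickey for admin",
]

if __name__ == "__main__":
    for key, count in out_of_state_summary(SAMPLE).items():
        print(count, *key)
```

Separating bare-SYN blocks from out-of-state blocks keeps the noisy second category out of the way when reviewing logs for new inbound connection attempts over long periods.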
              BBcan177 Moderator

              Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!

              http://blog.securityonion.net/p/securityonion.html

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                firewalluser

                Now that you mention Security Onion, I might have an ISO I've downloaded … yep, I've got 12.04.5, which looks like I downloaded it Sept last year. I'll fire it up and have a look. BTW, re the PM, I think I got to the bottom of the weird stuff as seen here: https://forum.pfsense.org/index.php?topic=94554.0 so over the weekend I can look at your blocker again and give that a whirl.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.