Pf drops packets from LAN to WAN



  • Hi,

    We have set up a pfSense; the firewall rules in all the VLANs allow any to outside.

    IPv4 * * * * * Failover none

    But sometimes we saw that the firewall blocks some traffic from some VLANs to outside (Google, for example).

    block/1000145493
    Oct 29 09:40:09 WIFI 172.15.0.162:49740 54.235.126.205:443

    Oct 29 09:42:26 WIPLAW 10.1.214.10:56676 173.194.67.95:443 TCP:PA
    block/1000145493
    Oct 29 09:42:26 WIPLAW 10.1.214.10:39588 173.194.45.39:443 TCP:PA
    block/1000145493
    Oct 29 09:42:26 WIPLAW 10.1.214.10:39588 173.194.45.39:443 TCP:FA
    block/1000145493
    Oct 29 09:42:27 WIPLAW 10.1.214.10:56676 173.194.67.95:443 TCP:PA
    block/1000145493
    Oct 29 09:42:27 WIPLAW 10.1.214.10:39588 173.194.45.39:443 TCP:FA
    block/1000145493
    Oct 29 09:42:27 WIPLAW 10.1.214.10:56676 173.194.67.95:443 TCP:PA
    block/1000145493
    Oct 29 09:42:28 WIPLAW 10.1.214.10:56676 173.194.67.95:443 TCP:PA
    block/1000145493
    Oct 29 09:42:28 WIPLAW 10.1.214.10:39317 216.58.209.228:443 TCP:PA
    block/1000145493
    Oct 29 09:42:29 WIPLAW 10.1.214.10:39588 173.194.45.39:443 TCP:FPA
    block/1000145493
    Oct 29 09:42:30 WIPLAW 10.1.214.10:56676 173.194.67.95:443 TCP:PA

    If I click on the reason why the rule was applied, I get the message:

    The rule that triggered this action is:
    @9(1000145493) block drop in log inet all label "Default deny rule IPV4"

    Any idea where that rule is set up?

    Thx

