Pf drops packets from LAN to WAN
-
Hi,
We have set up a pfSense; the firewall rules in all the VLANs allow any to outside.
IPv4 * * * * * Failover none
But sometimes we see that the firewall blocks some traffic from some VLANs to outside (Google, for example).
block/1000145493
Oct 29 09:40:09 WIFI 172.15.0.162:49740 54.235.126.205:443
Oct 29 09:42:26 WIPLAW 10.1.214.10:56676 173.194.67.95:443 TCP:PA
block/1000145493
Oct 29 09:42:26 WIPLAW 10.1.214.10:39588 173.194.45.39:443 TCP:PA
block/1000145493
Oct 29 09:42:26 WIPLAW 10.1.214.10:39588 173.194.45.39:443 TCP:FA
block/1000145493
Oct 29 09:42:27 WIPLAW 10.1.214.10:56676 173.194.67.95:443 TCP:PA
block/1000145493
Oct 29 09:42:27 WIPLAW 10.1.214.10:39588 173.194.45.39:443 TCP:FA
block/1000145493
Oct 29 09:42:27 WIPLAW 10.1.214.10:56676 173.194.67.95:443 TCP:PA
block/1000145493
Oct 29 09:42:28 WIPLAW 10.1.214.10:56676 173.194.67.95:443 TCP:PA
block/1000145493
Oct 29 09:42:28 WIPLAW 10.1.214.10:39317 216.58.209.228:443 TCP:PA
block/1000145493
Oct 29 09:42:29 WIPLAW 10.1.214.10:39588 173.194.45.39:443 TCP:FPA
block/1000145493
Oct 29 09:42:30 WIPLAW 10.1.214.10:56676 173.194.67.95:443 TCP:PA
If I click on the reason why the rule was applied, I get the message:
The rule that triggered this action is:
@9(1000145493) block drop in log inet all label "Default deny rule IPV4"
Any idea where that rule is set up?
Thx
-
https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection
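Added example, not part of the thread and not pfSense code: a small Python triage of blocked TCP entries like the ones posted above. It separates packets that try to open a connection (SYN without ACK) from packets such as PA, FA and FPA, which can only pass when a state already exists; blocks of that second kind on the default deny rule are the case the linked article covers. The sample lines, their addresses, the one-line layout and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines: time, interface, source, destination, protocol:flags
SAMPLE = """\
Oct 29 09:42:26 WIPLAW 10.0.0.10:39588 198.51.100.39:443 TCP:PA
Oct 29 09:42:26 WIPLAW 10.0.0.10:39588 198.51.100.39:443 TCP:FA
Oct 29 09:42:29 WIPLAW 10.0.0.10:39588 198.51.100.39:443 TCP:FPA
Oct 29 09:42:31 WIPLAW 10.0.0.11:51000 198.51.100.80:8443 TCP:S
"""

LINE = re.compile(
    r"^(\w{3} +\d+ [\d:]+) (\S+) (\S+):(\d+) (\S+):(\d+) TCP:([A-Z]+)$"
)


def classify(flags):
    """SYN without ACK opens a connection; any other flag set needs a state."""
    if "S" in flags and "A" not in flags:
        return "new-connection"
    return "out-of-state"


def triage(text):
    """Group blocked entries per flow and count each class of packet."""
    flows = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not TCP entries in this layout
        _, iface, src, sport, dst, dport, flags = m.groups()
        key = (iface, f"{src}:{sport}", f"{dst}:{dport}")
        flows.setdefault(key, Counter())[classify(flags)] += 1
    return flows


def needs_rule_review(flows):
    """Flows whose connection attempt itself was blocked: check the pass rules."""
    return [key for key, counts in flows.items() if counts["new-connection"]]


if __name__ == "__main__":
    for key, counts in triage(SAMPLE).items():
        print(key, dict(counts))
    print("review rules for:", needs_rule_review(triage(SAMPLE)))
```

Flows that show only out-of-state blocks had their state expire or close before the last packets arrived; flows listed by `needs_rule_review` were refused at connection setup and point to a missing or mis-ordered pass rule.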