Why is this being logged with this rule?



  • I'm seeing TONS of these:

    Action Time Interface Source Destination Protocol
    Apr 17 11:07:08 LAN   192.168.200.4:32469   192.168.201.14:60441 TCP:SA
    Apr 17 11:07:08 LAN   192.168.200.4:32469   192.168.201.14:60441 TCP:SA
    Apr 17 11:07:08 LAN   192.168.200.4:32469   192.168.201.14:60421 TCP:SA
    Apr 17 11:07:06 LAN   192.168.200.4:32469   192.168.201.20:55746 TCP:SA
    Apr 17 11:07:06 LAN   192.168.200.4:32469   192.168.201.17:42012 TCP:SA
    Apr 17 11:07:05 LAN   192.168.200.4:32469   192.168.201.14:60441 TCP:SA
    Apr 17 11:07:05 LAN   192.168.200.4:32469   192.168.201.14:60421 TCP:SA
    Apr 17 11:07:05 LAN   192.168.200.4:32469   192.168.201.14:60401 TCP:SA
    Apr 17 11:07:03 LAN   192.168.200.4:32469   192.168.201.20:55731 TCP:SA
    Apr 17 11:07:03 LAN   192.168.200.4:32469   192.168.201.20:55746 TCP:SA
    Apr 17 11:07:03 LAN   192.168.200.4:32469   192.168.201.17:42012 TCP:SA
    Apr 17 11:07:03 LAN   192.168.200.4:32469   192.168.201.17:42000 TCP:SA
    Apr 17 11:07:02 LAN   192.168.200.4:32469   192.168.201.14:60421 TCP:SA
    Apr 17 11:07:02 LAN   192.168.200.4:32469   192.168.201.14:60421 TCP:SA
    Apr 17 11:07:02 LAN   192.168.200.4:32469   192.168.201.14:60401 TCP:SA
    Apr 17 11:07:01 LAN   192.168.200.4:32469   192.168.201.20:55731 TCP:SA
    Apr 17 11:07:01 LAN   192.168.200.4:32469   192.168.201.20:55746 TCP:SA
    Apr 17 11:07:00 LAN   192.168.200.4:32469   192.168.201.17:42012 TCP:SA
    Apr 17 11:07:00 LAN   192.168.200.4:32469   192.168.201.17:42000 TCP:SA
    Apr 17 11:06:59 LAN   192.168.200.4:32469   192.168.201.14:60421 TCP:SA
    Apr 17 11:06:59 LAN   192.168.200.4:32469   192.168.201.14:60401 TCP:SA
    Apr 17 11:06:59 LAN   192.168.200.4:32469   192.168.201.14:60377 TCP:SA
    Apr 17 11:06:58 LAN   192.168.200.4:32469   192.168.201.17:42012 TCP:SA
    Apr 17 11:06:58 LAN   192.168.200.4:32469   192.168.201.20:55746 TCP:SA
    Apr 17 11:06:58 LAN   192.168.200.4:32469   192.168.201.20:55731 TCP:SA
    Apr 17 11:06:58 LAN   192.168.200.4:32469   192.168.201.20:55721 TCP:SA
    Apr 17 11:06:57 LAN   192.168.200.4:32469   192.168.201.17:41980 TCP:SA
    Apr 17 11:06:57 LAN   192.168.200.4:32469   192.168.201.17:42012 TCP:SA
    Apr 17 11:06:57 LAN   192.168.200.4:32469   192.168.201.17:42000 TCP:SA
    Apr 17 11:06:56 LAN   192.168.200.4:32469   192.168.201.14:60401 TCP:SA
    Apr 17 11:06:56 LAN   192.168.200.4:32469   192.168.201.14:60377 TCP:SA
    Apr 17 11:06:55 LAN   192.168.200.4:32469   192.168.201.20:55731 TCP:SA
    Apr 17 11:06:55 LAN   192.168.200.4:32469   192.168.201.20:55721 TCP:SA
    Apr 17 11:06:55 LAN   192.168.200.4:32469   192.168.201.20:55731 TCP:SA
    Apr 17 11:06:54 LAN   192.168.200.4:58930   192.168.201.17:49200 TCP:FA
    Apr 17 11:06:54 LAN   192.168.200.4:58929   192.168.201.17:49200 TCP:FA
    Apr 17 11:06:54 LAN   192.168.200.4:58928   192.168.201.17:49200 TCP:FA
    Apr 17 11:06:54 LAN   192.168.200.4:58923   192.168.201.20:49200 TCP:FA
    Apr 17 11:06:54 LAN   192.168.200.4:58922   192.168.201.20:49200 TCP:FA
    Apr 17 11:06:54 LAN   192.168.200.4:32469   192.168.201.17:41980 TCP:SA
    Apr 17 11:06:54 LAN   192.168.200.4:32469   192.168.201.17:42000 TCP:SA
    Apr 17 11:06:53 LAN   192.168.200.4:32469   192.168.201.14:60401 TCP:SA
    Apr 17 11:06:53 LAN   192.168.200.4:32469   192.168.201.14:60377 TCP:SA
    Apr 17 11:06:52 LAN   192.168.200.4:32469   192.168.201.17:42000 TCP:SA
    Apr 17 11:06:52 LAN   192.168.200.4:32469   192.168.201.20:56061 TCP:SA
    Apr 17 11:06:52 LAN   192.168.200.4:32469   192.168.201.20:55731 TCP:SA
    Apr 17 11:06:52 LAN   192.168.200.4:32469   192.168.201.20:55721 TCP:SA
    Apr 17 11:06:51 LAN   192.168.200.4:32469   192.168.201.17:41967 TCP:SA
    Apr 17 11:06:51 LAN   192.168.200.4:32469   192.168.201.17:42000 TCP:SA
    Apr 17 11:06:51 LAN   192.168.200.4:32469   192.168.201.17:41980 TCP:SA

    but I have these rules:

        3/21.13 MiB    LAN Address 80 22 * * Anti-Lockout Rule
        10/38 KiB      IPv4 TCP 192.168.200.4 * 192.168.201.20/22 * * none Easy Rule: Passed from Firewall Log View
        180/20.73 GiB  IPv4+6 * * * * * * none Default allow LAN to any rule
        0/0 B          IPv4+6 IGMP * * * * * none
        0/0 B          IPv4 * * * * * * none

    WHY am I seeing these logs?

    I want the LAN/WIFI nets (bridged) to have free rein



  • All out-of-state packets get rejected by the default rule, and logged if you have logging on your default rule enabled. You probably have asymmetric routing. pfSense is a stateful firewall. If pfSense never sees a SYN packet, it sure as hell won't allow the SYN-ACK packet. It enforces proper handshakes. If you have asymmetric routing, then pfSense may only see packets flowing in one of the directions.
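
The reply above can be checked against the log itself. The following is an added example, not code from the thread or from pfSense: it groups entries in the column layout quoted in the question by source address and TCP flags, and marks groups that are mid-connection packets between hosts in one subnet. The function name `summarize`, the constructed sample lines and the /22 prefix (taken from the rule listing in the question) are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the column layout of the log quoted in the question.
SAMPLE_LOG = """\
Apr 17 11:07:08 LAN   192.168.200.4:32469   192.168.201.14:60441 TCP:SA
Apr 17 11:07:06 LAN   192.168.200.4:32469   192.168.201.20:55746 TCP:SA
Apr 17 11:07:06 LAN   192.168.200.4:32469   192.168.201.17:42012 TCP:SA
Apr 17 11:06:54 LAN   192.168.200.4:58930   192.168.201.17:49200 TCP:FA
Apr 17 11:06:54 LAN   192.168.200.4:58923   192.168.201.20:49200 TCP:FA
"""

LINE_RE = re.compile(
    r"^\s*\w{3}\s+\d+\s+[\d:]+\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"TCP:(?P<flags>[A-Z]+)\s*$"
)

def summarize(log_text, prefix_len=22):
    """Group logged TCP packets by (source IP, flags).

    mid_connection: ACK is set, so the packet cannot open a connection; a
    stateful firewall logging it holds no state for that flow.
    same_subnet: every peer is inside the source's own network (prefix_len is
    an assumption), i.e. the other direction need not cross the firewall.
    """
    groups = defaultdict(lambda: {"count": 0, "peers": set(), "same": True})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header row or a non-TCP entry
        g = groups[(m["src"], m["flags"])]
        g["count"] += 1
        g["peers"].add(m["dst"])
        net = ipaddress.ip_network(f"{m['src']}/{prefix_len}", strict=False)
        g["same"] &= ipaddress.ip_address(m["dst"]) in net
    return {
        key: {"count": g["count"], "peers": sorted(g["peers"]),
              "mid_connection": "A" in key[1], "same_subnet": g["same"]}
        for key, g in groups.items()
    }

if __name__ == "__main__":
    for key, info in summarize(SAMPLE_LOG).items():
        print(key, info)
```

A group with both `mid_connection` and `same_subnet` set is the pattern the reply describes: the firewall is shown replies for connections whose opening SYN took a path that bypassed it.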



  • Interestingly, these are from Plex (the media server) to my Dish Network devices (Joey, Wireless Joey, Wireless Joey AP, Hopper 3).

    I'll see if I can figure out why stuff is "Out of State" from Plex on FreeBSD to the Dish Stuff.

