Why is this being logged with this rule?
-
I'm seeing TONS of these:
Action Time Interface Source Destination Protocol
Apr 17 11:07:08 LAN 192.168.200.4:32469 192.168.201.14:60441 TCP:SA
Apr 17 11:07:08 LAN 192.168.200.4:32469 192.168.201.14:60441 TCP:SA
Apr 17 11:07:08 LAN 192.168.200.4:32469 192.168.201.14:60421 TCP:SA
Apr 17 11:07:06 LAN 192.168.200.4:32469 192.168.201.20:55746 TCP:SA
Apr 17 11:07:06 LAN 192.168.200.4:32469 192.168.201.17:42012 TCP:SA
Apr 17 11:07:05 LAN 192.168.200.4:32469 192.168.201.14:60441 TCP:SA
Apr 17 11:07:05 LAN 192.168.200.4:32469 192.168.201.14:60421 TCP:SA
Apr 17 11:07:05 LAN 192.168.200.4:32469 192.168.201.14:60401 TCP:SA
Apr 17 11:07:03 LAN 192.168.200.4:32469 192.168.201.20:55731 TCP:SA
Apr 17 11:07:03 LAN 192.168.200.4:32469 192.168.201.20:55746 TCP:SA
Apr 17 11:07:03 LAN 192.168.200.4:32469 192.168.201.17:42012 TCP:SA
Apr 17 11:07:03 LAN 192.168.200.4:32469 192.168.201.17:42000 TCP:SA
Apr 17 11:07:02 LAN 192.168.200.4:32469 192.168.201.14:60421 TCP:SA
Apr 17 11:07:02 LAN 192.168.200.4:32469 192.168.201.14:60421 TCP:SA
Apr 17 11:07:02 LAN 192.168.200.4:32469 192.168.201.14:60401 TCP:SA
Apr 17 11:07:01 LAN 192.168.200.4:32469 192.168.201.20:55731 TCP:SA
Apr 17 11:07:01 LAN 192.168.200.4:32469 192.168.201.20:55746 TCP:SA
Apr 17 11:07:00 LAN 192.168.200.4:32469 192.168.201.17:42012 TCP:SA
Apr 17 11:07:00 LAN 192.168.200.4:32469 192.168.201.17:42000 TCP:SA
Apr 17 11:06:59 LAN 192.168.200.4:32469 192.168.201.14:60421 TCP:SA
Apr 17 11:06:59 LAN 192.168.200.4:32469 192.168.201.14:60401 TCP:SA
Apr 17 11:06:59 LAN 192.168.200.4:32469 192.168.201.14:60377 TCP:SA
Apr 17 11:06:58 LAN 192.168.200.4:32469 192.168.201.17:42012 TCP:SA
Apr 17 11:06:58 LAN 192.168.200.4:32469 192.168.201.20:55746 TCP:SA
Apr 17 11:06:58 LAN 192.168.200.4:32469 192.168.201.20:55731 TCP:SA
Apr 17 11:06:58 LAN 192.168.200.4:32469 192.168.201.20:55721 TCP:SA
Apr 17 11:06:57 LAN 192.168.200.4:32469 192.168.201.17:41980 TCP:SA
Apr 17 11:06:57 LAN 192.168.200.4:32469 192.168.201.17:42012 TCP:SA
Apr 17 11:06:57 LAN 192.168.200.4:32469 192.168.201.17:42000 TCP:SA
Apr 17 11:06:56 LAN 192.168.200.4:32469 192.168.201.14:60401 TCP:SA
Apr 17 11:06:56 LAN 192.168.200.4:32469 192.168.201.14:60377 TCP:SA
Apr 17 11:06:55 LAN 192.168.200.4:32469 192.168.201.20:55731 TCP:SA
Apr 17 11:06:55 LAN 192.168.200.4:32469 192.168.201.20:55721 TCP:SA
Apr 17 11:06:55 LAN 192.168.200.4:32469 192.168.201.20:55731 TCP:SA
Apr 17 11:06:54 LAN 192.168.200.4:58930 192.168.201.17:49200 TCP:FA
Apr 17 11:06:54 LAN 192.168.200.4:58929 192.168.201.17:49200 TCP:FA
Apr 17 11:06:54 LAN 192.168.200.4:58928 192.168.201.17:49200 TCP:FA
Apr 17 11:06:54 LAN 192.168.200.4:58923 192.168.201.20:49200 TCP:FA
Apr 17 11:06:54 LAN 192.168.200.4:58922 192.168.201.20:49200 TCP:FA
Apr 17 11:06:54 LAN 192.168.200.4:32469 192.168.201.17:41980 TCP:SA
Apr 17 11:06:54 LAN 192.168.200.4:32469 192.168.201.17:42000 TCP:SA
Apr 17 11:06:53 LAN 192.168.200.4:32469 192.168.201.14:60401 TCP:SA
Apr 17 11:06:53 LAN 192.168.200.4:32469 192.168.201.14:60377 TCP:SA
Apr 17 11:06:52 LAN 192.168.200.4:32469 192.168.201.17:42000 TCP:SA
Apr 17 11:06:52 LAN 192.168.200.4:32469 192.168.201.20:56061 TCP:SA
Apr 17 11:06:52 LAN 192.168.200.4:32469 192.168.201.20:55731 TCP:SA
Apr 17 11:06:52 LAN 192.168.200.4:32469 192.168.201.20:55721 TCP:SA
Apr 17 11:06:51 LAN 192.168.200.4:32469 192.168.201.17:41967 TCP:SA
Apr 17 11:06:51 LAN 192.168.200.4:32469 192.168.201.17:42000 TCP:SA
Apr 17 11:06:51 LAN 192.168.200.4:32469 192.168.201.17:41980 TCP:SA
but I have these rules:
3/21.13 MiB - - - LAN Address 80 22 * * Anti-Lockout Rule
10/38 KiB IPv4 TCP 192.168.200.4 * 192.168.201.20/22 * * none Easy Rule: Passed from Firewall Log View
180/20.73 GiB IPv4+6 * * * * * * none Default allow LAN to any rule
0/0 B IPv4+6 IGMP * * * * * none
0/0 B IPv4 * * * * * * none
WHY am I seeing these logs?
I want the LAN/WIFI nets (bridged) to have free rein.
-
-
All out-of-state packets get rejected by the default rule, and logged if you have logging on your default rule enabled. You probably have asymmetric routing. pfSense is a stateful firewall. If pfSense never sees a SYN packet, it sure as hell won't allow the SYN-ACK packet. It enforces proper handshakes. If you have an asymmetric router, then pfSense may only see packets flowing in one of the directions.
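
An added example, not part of the thread: a Python triage script that groups blocked non-SYN packets by sender, so the missed-handshake pattern described above is visible at a glance. It assumes the log layout pasted in the question; the function names and the "blocked SYN-ACK means the SYN was never seen" heuristic are this example's own.

```python
import re
from collections import Counter

# The first five lines come from the log excerpt in the question;
# the last one (a bare SYN) is constructed for contrast.
SAMPLE = """\
Apr 17 11:07:08 LAN 192.168.200.4:32469 192.168.201.14:60441 TCP:SA
Apr 17 11:07:06 LAN 192.168.200.4:32469 192.168.201.20:55746 TCP:SA
Apr 17 11:07:06 LAN 192.168.200.4:32469 192.168.201.17:42012 TCP:SA
Apr 17 11:06:54 LAN 192.168.200.4:58930 192.168.201.17:49200 TCP:FA
Apr 17 11:06:54 LAN 192.168.200.4:58923 192.168.201.20:49200 TCP:FA
Apr 17 11:06:50 LAN 192.168.200.9:51000 192.168.201.14:443 TCP:S
"""

LINE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+(\S+)\s+([\d.]+):(\d+)\s+([\d.]+):(\d+)\s+TCP:(\w+)$"
)

def parse(text):
    """Yield (iface, src, sport, dst, dport, flags) for each well-formed line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            iface, src, sport, dst, dport, flags = m.groups()
            yield iface, src, int(sport), dst, int(dport), flags

def summarize(text):
    """Group blocked packets that need an existing state entry by source host."""
    hosts = {}
    for _iface, src, sport, dst, _dport, flags in parse(text):
        if flags == "S":
            continue  # a bare SYN opens a connection; blocking it is a rule decision
        h = hosts.setdefault(src, {"flags": Counter(), "peers": set(), "ports": set()})
        h["flags"][flags] += 1
        h["peers"].add(dst)
        if flags == "SA":
            h["ports"].add(sport)  # a SYN-ACK is sent from the listening port
    return {ip: {"flags": h["flags"], "peers": sorted(h["peers"]),
                 "listening_ports": sorted(h["ports"])} for ip, h in hosts.items()}

def missed_handshake(entry):
    """Heuristic: a blocked SYN-ACK means the firewall never saw the matching SYN."""
    return entry["flags"]["SA"] > 0

if __name__ == "__main__":
    for ip, e in summarize(SAMPLE).items():
        print(ip, dict(e["flags"]), e["listening_ports"], e["peers"], missed_handshake(e))
```

A host that shows up here with `SA` counts is answering connections whose opening SYN reached it by a path the firewall did not see, which is the place to start checking routes and bridge membership.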
-
Interestingly, these are from Plex (the media server) to my Dish Network devices (Joey, Wireless Joey, Wireless Joey AP, Hopper 3).
I'll see if I can figure out why stuff is "Out of State" from Plex on FreeBSD to the Dish Stuff.