OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 17.7 Legacy Series »
  • Meaning of letters in the Firewall Log Files "Proto" field
« previous next »
  • Print
Pages: [1]

Author Topic: Meaning of letters in the Firewall Log Files "Proto" field  (Read 2604 times)

JohnDoe17

  • Newbie
  • *
  • Posts: 37
  • Karma: 5
    • View Profile
Meaning of letters in the Firewall Log Files "Proto" field
« on: September 26, 2017, 09:21:07 pm »
What does "TCP:SEC" mean in the Firewall Log Files "Proto" field?

I think the "S" means "Syn," but does "E" mean "ECE" and "C" mean "CWR"

OR

is it "S" and "EC" for "Syn" and "ECE"?

I have a lot of this kind of stuff in my Firewall Log files.  Is that normal?

[Edited to add]: Also, do I need to be creating rules to allow this type of traffic?  Or are simple rules to allow only "Syns" sufficient?

Thanks.
« Last Edit: September 26, 2017, 09:23:59 pm by JohnDoe17 »
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13986
  • Karma: 1211
    • View Profile
Re: Meaning of letters in the Firewall Log Files "Proto" field
« Reply #1 on: September 27, 2017, 06:44:24 am »
Hi,

There is a prominent help text on the standard log view header right below the filter options:

TCP Flags: F - FIN, S - SYN, A or . - ACK, R - RST, P - PSH, U - URG, E - ECE, W - CWR

And yes, TCP works this way. :)


Cheers,
Franco
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 17.7 Legacy Series »
  • Meaning of letters in the Firewall Log Files "Proto" field
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2