Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: dsduarte on November 07, 2023, 04:35:44 AM

Title: Traffic blocked by "Default deny / state violation rule"
Post by: dsduarte on November 07, 2023, 04:35:44 AM
Hi guys...

I found some traffic been blocked on my OPNSense Firewall but I'm not sure why...
On the attached picture there is an example...
There is a LAN IP trying to reach an IP on the Internet and also there is traffic between IP's on the same subnet..
There is no rule on LAN or WAN to reject this traffic so I think by the label its due to some "state violation rule".
Can you help me to find out why these traffic is been blocked?


Thanks!

(http://firewall.png)
Title: Re: Traffic blocked by "Default deny / state violation rule"
Post by: zan on November 07, 2023, 06:28:39 AM
Most likely out-of-state packets.
Check the blocked packets "tcpflags", if they are RA, FA, PA etc you can safely ignore those.
Title: Re: Traffic blocked by "Default deny / state violation rule"
Post by: dsduarte on November 07, 2023, 08:36:58 AM
I have found PA and FA.... Tks!!!

Now I need to research what that means!   :-X
Text only | Text with Images