Hi!
(On an appliance being the http(s) and SOCKS proxy bastion) I'm bombarded by "default deny/state violation" entries in my log. As the system is basically running on a permit any to any rule the cause should be the state violations. To understand where/how they are generated I would need a way to see them first so
does anyone have a tcpdump filter expression that will select all the relevant traffic?
Achim