OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: JohnDoe17 on September 26, 2017, 09:21:07 pm

Title: Meaning of letters in the Firewall Log Files "Proto" field
Post by: JohnDoe17 on September 26, 2017, 09:21:07 pm: What does "TCP:SEC" mean in the Firewall Log Files "Proto" field?

I think the "S" means "Syn," but does "E" mean "ECE" and "C" mean "CWR"

OR

is it "S" and "EC" for "Syn" and "ECE"?

I have a lot of this kind of stuff in my Firewall Log files. Is that normal?

[Edited to add]: Also, do I need to be creating rules to allow this type of traffic? Or are simple rules to allow only "Syns" sufficient?

Thanks.
Title: Re: Meaning of letters in the Firewall Log Files "Proto" field
Post by: franco on September 27, 2017, 06:44:24 am: Hi,

There is a prominent help text on the standard log view header right below the filter options:

TCP Flags: F - FIN, S - SYN, A or . - ACK, R - RST, P - PSH, U - URG, E - ECE, W - CWR

And yes, TCP works this way. :)

Cheers,
Franco

SMF 2.0.19 | SMF © 2021, Simple Machines
Privacy Policy