20.7 Legacy Series / Why does the firewall sometimes flag blocked packets that are actually allowed?
« on: November 25, 2020, 03:41:21 pm »
Hi,
Unsure why sometimes the firewall logs show that packets are blocked when I have a rule that allows these packets outbound (443 is allowed outbound from any source on my network, and indeed I can browse https sites).
I have attached a screenshot of an example. I have a rule that allows 443 outbound and am 100% sure it is working, as it is only very infrequently that I see these packets. I don't detect anything not working and can browse sites on https anytime without issue, so I am not clear what it is blocking.
Here is the detail of 1 of the packets in the below screenshot:
__timestamp__ Nov 25 09:27:05
ack 3986972122
action [block]
anchorname
datalen 1395
dir [in]
dst 13.107.42.12
dstport 443
ecn
id 0
interface vtnet1
interface_name lan
ipflags DF
label Default block LAN to any rule
length 1435
offset 0
proto 6
protoname tcp
reason match
rid da7b834f8d727a70d52f48cc6b111da3
ridentifier 0
rulenr 324
seq 3973428692:3973430087
src 192.168.2.53
srcport 56922
subrulenr
tcpflags PA
tcpopts
tos 0x0
ttl 64
urp 4096
version 4
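The record above has a tell that is worth checking mechanically before assuming a rule is broken: action block, dir in on the LAN interface, a "to any" catch-all label, and tcpflags PA with no SYN. pf is stateful, and a TCP pass rule defaults to "flags S/SA", so only a SYN can create state; a mid-stream packet (PSH/ACK, FIN, RST) that arrives after its state has expired or been closed, or that was retransmitted late, matches no state and no pass rule and falls through to the default block. A blocked packet with a bare SYN, on the other hand, is a genuine policy block. The script below, added here as an example and not code from the post or from OPNsense, parses records in the "key value" layout of the post's log detail view and sorts each one into those two buckets. The first sample record is the one from the post; the other two (a SYN to port 23 and a RST on the same flow) are constructed for contrast, as is the assumption that records are delimited by their __timestamp__ line.

```python
"""Triage pf/OPNsense 'block' log records: separate real policy blocks from
out-of-state packets that merely landed on the default block rule.

Added example; not code from the forum post or from OPNsense. Assumes the
plain "key value" record layout shown in the post's log detail view.
"""
from collections import Counter

# Constructed sample input. Record 1 is the post's record (trimmed to the
# fields used here); records 2 and 3 are made up for contrast.
SAMPLE_RECORDS = """\
__timestamp__ Nov 25 09:27:05
action [block]
dir [in]
interface_name lan
label Default block LAN to any rule
protoname tcp
src 192.168.2.53
srcport 56922
dst 13.107.42.12
dstport 443
tcpflags PA

__timestamp__ Nov 25 09:30:11
action [block]
dir [in]
interface_name lan
label Default block LAN to any rule
protoname tcp
src 192.168.2.77
srcport 51000
dst 203.0.113.9
dstport 23
tcpflags S

__timestamp__ Nov 25 09:31:02
action [block]
dir [in]
interface_name lan
label Default block LAN to any rule
protoname tcp
src 192.168.2.53
srcport 56922
dst 13.107.42.12
dstport 443
tcpflags R
"""


def parse_records(text: str) -> list:
    """Split text into records (one per __timestamp__ line, an assumption of
    this example) and parse each 'key value' line. Keys with no value, such
    as 'anchorname' in the post, map to ''. Bracketed values like '[block]'
    are unwrapped."""
    records = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if value.startswith("[") and value.endswith("]"):
            value = value[1:-1]
        if key == "__timestamp__":
            current = {}
            records.append(current)
        if current is None:
            raise ValueError(f"field before first __timestamp__: {line!r}")
        current[key] = value
    return records


def classify(rec: dict) -> str:
    """Triage verdict for one record.

    A TCP pass rule in pf defaults to 'flags S/SA', so only a SYN creates
    state. A non-SYN packet with no matching state falls through every pass
    rule and hits the catch-all block, which is what the post's record shows.
    """
    if rec.get("action") != "block":
        return "not_blocked"
    if rec.get("protoname") != "tcp":
        return "stateless_proto"  # no TCP flags to reason about
    flags = rec.get("tcpflags", "")
    if "S" in flags and "A" not in flags:
        return "policy_block"  # fresh connection attempt; the rules really denied it
    if any(f in flags for f in "APFR"):
        # mid-stream packet with no state: expired/closed state, late
        # retransmission, or asymmetric routing; not a rule mismatch
        return "out_of_state"
    return "unknown"


def triage(text: str) -> list:
    """(flow, verdict) per record, flow written as 'src:sport->dst:dport'."""
    out = []
    for rec in parse_records(text):
        flow = f"{rec['src']}:{rec['srcport']}->{rec['dst']}:{rec['dstport']}"
        out.append((flow, classify(rec)))
    return out


def summarize(text: str) -> dict:
    """Count verdicts, e.g. {'out_of_state': 2, 'policy_block': 1}."""
    return dict(Counter(v for _, v in triage(text)))


if __name__ == "__main__":
    for flow, verdict in triage(SAMPLE_RECORDS):
        print(f"{flow:45} {verdict}")
    print(summarize(SAMPLE_RECORDS))
```

If most of the out_of_state hits cluster on long-lived HTTPS flows from one host, the usual next checks are the state timeouts (Firewall: Settings: Advanced) and whether the client sits behind a second path into the firewall, since asymmetric routing produces exactly this pattern. A policy_block verdict on a port you believe is allowed is the case worth tracing rule by rule.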