Firewall rejecting connections that shouldn't be

Started by isamudaison, January 28, 2022, 02:54:03 AM

I've been seeing very random firewall enforcement with 22.1 of the 'default deny all' rule when it surely should not be.

The 'default deny all' rule is the auto-generated one, that (according to the UI) should be evaluated 'last', therefore any rule tagged as 'evaluate first' should win over it.

I have an interface called LanSecondary, that has as a floating rule the default, 'deny all' rule (as is usual). I also have the 'allow all' rule such that:

IPv4 * LANSecondary net * * * * *


This states that any traffic with a source of something on the LanSecondary network should be allowed to pass 'wherever', am I correct in that assumption?


I'm seeing occasional firewall entries as such:

LANSecondary 2022-01-27T17:45:42-08:00 192.168.2.53:41968 142.251.33.74:443 tcp Default deny rule

Which is blocking traffic that is on the LanSecondary interface, with a *source* of a client on the LANSecondary network, going to 'wherever'. Am I crazy or is this explicitly the condition that should be PASSED due to the defined rule on the LANSecondary interface?

January 28, 2022, 04:09:51 AM #1 Last Edit: January 28, 2022, 04:11:32 AM by isamudaison
It seems to be randomly affecting all my interfaces, more examples:

Rules for my WIFIIOT firewall interface:
Edit: looks like the 'img' tag isn't working: https://ibb.co/717M4p6

Entry in the firewall log showing it blocking for some reason:
Image of blocking: https://ibb.co/0MY3g4s

I feel like I'm taking crazy pills!

Can you check the TCP flags in the details? Most of the time they are lost "F" packets where a session was already closed: the firewall clears its table and then there is one last byte (which doesn't hurt in any way).

I'm seeing a smattering of the following:

RA
PA
FPA

I only ask about these because there are certain apps on my phone that don't seem to be working and there seems to be a correspondence with these block entries.

There are many, many threads about why stateful rules will eventually drop the connection for out-of-sequence packets or already-closed connections, which is what the default rule will block. Phones are especially silly with their stacks as they try to cope with power-saving mode and will eventually repeat packets or miss a connection end.

There is likely a problem, but it's not the stateful firewall blocking stray packets from connections that are already terminated.


Cheers,
Franco
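A way to triage these log entries along the lines of the advice above, as an added example that is not part of the original thread and not OPNsense's own tooling: it parses blocked entries in a simplified line format modelled on the UI columns quoted in the thread (interface, time, src:port, dst:port, proto, rule label) with the TCP flags column appended, and buckets each default-deny hit by what its flags say about connection state. The sample lines are constructed, and the classification rule is an assumption: only a bare SYN (a new connection) contradicts an allow-all pass rule on the interface, while RST/FIN/PSH-ACK packets with no SYN are stragglers from a state that is already gone.

```python
"""Triage 'Default deny rule' hits by TCP flags.

Added example, not code from the original thread or from OPNsense. The log
lines are constructed, modelled on the UI columns quoted in the thread with
the TCP flags column appended. The classification is an assumption: a
blocked TCP packet with no SYN is treated as a straggler from a state that
was already torn down; a bare SYN hitting the default deny on an interface
that carries an allow-all pass rule is the case worth investigating.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample log lines (not from the original post).
SAMPLE_LOG = """\
LANSecondary 2022-01-27T17:45:42-08:00 192.168.2.53:41968 142.251.33.74:443 tcp Default deny rule FPA
LANSecondary 2022-01-27T17:45:43-08:00 192.168.2.53:41968 142.251.33.74:443 tcp Default deny rule RA
WIFIIOT 2022-01-27T17:46:01-08:00 192.168.3.20:50321 17.253.144.10:443 tcp Default deny rule PA
WIFIIOT 2022-01-27T17:46:05-08:00 192.168.3.20:50322 17.253.144.10:443 tcp Default deny rule S
LANSecondary 2022-01-27T17:46:09-08:00 192.168.2.53:5353 224.0.0.251:5353 udp Default deny rule -
"""

# Assumed line layout: iface time src:port dst:port proto <rule label> flags
LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<ts>\S+)\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+(?P<dst>\S+):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+)\s+(?P<label>.+?)\s+(?P<flags>\S+)$"
)


@dataclass
class BlockEntry:
    iface: str
    ts: str
    src: str
    dst: str
    proto: str
    label: str
    flags: str  # pf-style flag letters, e.g. "S", "PA", "FPA", "RA"; "-" for non-TCP


def parse_line(line: str) -> BlockEntry | None:
    """Parse one log line in the assumed layout; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return BlockEntry(
        iface=m["iface"], ts=m["ts"],
        src=f"{m['src']}:{m['sport']}", dst=f"{m['dst']}:{m['dport']}",
        proto=m["proto"].lower(), label=m["label"], flags=m["flags"],
    )


def classify(entry: BlockEntry) -> str:
    """Bucket a blocked packet by what its flags say about connection state.

    Only 'new-connection' contradicts an allow-all pass rule on the interface:
    a bare SYN is the first packet of a flow, so a pass rule would have matched
    it. Everything else belongs to a flow whose state entry is gone (RST after
    teardown, late FIN, retransmitted PSH/ACK) and falls through to default deny.
    """
    if entry.proto != "tcp":
        return "non-tcp"
    flags = set(entry.flags)
    if "S" in flags and "A" not in flags:
        return "new-connection"
    if "S" in flags:
        return "handshake-reply"      # SYN/ACK with no state: peer answered after expiry
    if "R" in flags or "F" in flags:
        return "teardown-straggler"   # RST or FIN for a session the firewall forgot
    return "mid-stream-straggler"     # PSH/ACK or bare ACK with no matching state


def triage(log_text: str) -> dict[str, int]:
    """Count default-deny hits per bucket; lines for other rules are ignored."""
    counts: Counter[str] = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry.label != "Default deny rule":
            continue
        counts[classify(entry)] += 1
    return dict(counts)


def worth_investigating(log_text: str) -> list[BlockEntry]:
    """Return only the blocks that an allow-all pass rule should have matched."""
    return [
        e for e in map(parse_line, log_text.splitlines())
        if e is not None and e.label == "Default deny rule"
        and classify(e) == "new-connection"
    ]


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
    for e in worth_investigating(SAMPLE_LOG):
        print("look at:", e.iface, e.src, "->", e.dst, "flags", e.flags)
```

On the constructed sample, the FPA, RA and PA entries land in the straggler buckets and only the bare-SYN entry on WIFIIOT is reported as something the pass rule should have caught; for real use, adjust `LINE_RE` to the export format you actually have, since the raw filterlog layout differs from the UI columns assumed here.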