Rule being ignored occasionally?

Started by Evert, March 13, 2024, 09:36:16 AM

Hi all,

We have an interface named OFFICE where we allow anyone who is on the associated subnet (192.168.24.x) to connect to * on ports 80 & 443 (TCP/UDP).
At the bottom of the rule list for this interface there's a rule blocking any traffic from OFFICE to !OFFICE.

When I enable logging on that last rule, I occasionally see requests from OFFICE to external hosts on 443/TCP (occasionally 80/TCP) being blocked.

Why would that traffic reach that rule, given that I allow all traffic on ports 80 and 443 higher up in the rule list?
--
Regards,
   Evert

Most likely out-of-state traffic. What are the 'tcpflags' of blocked packets?

I have a rule that ALLOWS traffic to 443, that has started to be blocked! Logs report that the packet has been dropped because of the "Default deny / state violation rule".

Is there some big problem?


Quote from: zan on March 13, 2024, 03:05:48 PM
Most likely out-of-state traffic. What are the 'tcpflags' of blocked packets?

PA, FPA, RA or A. It varies.
--
Regards,
   Evert
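Added example, not code from the thread or from OPNsense: a small Python classifier for the 'tcpflags' values zan asked about. It encodes pf's default flag matching for a pass rule (flags S/SA: only a SYN with ACK clear creates a state; every other segment must match an existing state or fall through to the final block rule). The blocked entries in SAMPLE_BLOCKED are constructed to mirror the flags Evert reported, plus a plain SYN for contrast; the flag letters follow pf.conf(5).

```python
"""Classify blocked TCP packets by pf 'tcpflags' (added example, not from the thread).

pf only opens a state on a packet matching the pass rule's flag spec, which
defaults to 'flags S/SA' (SYN set, ACK clear). A PA/FPA/RA/A segment never
matches that, so if no state exists for it any more it does not hit the
'allow 80/443' rule at all and lands on the final block rule instead.
"""

from collections import Counter
from dataclasses import dataclass

# pf tcpflags letters as printed in filterlog (pf.conf(5)):
# F=FIN S=SYN R=RST P=PSH A=ACK U=URG E=ECE W=CWR
FLAG_LETTERS = set("FSRPAUEW")


@dataclass(frozen=True)
class Verdict:
    state_creating: bool   # True only for a bare SYN (flags S/SA match)
    reason: str


def parse_tcpflags(flags: str) -> set[str]:
    """Turn a filterlog flag string such as 'FPA' into a set of letters."""
    letters = set(flags)
    unknown = letters - FLAG_LETTERS
    if unknown:
        raise ValueError(f"unknown pf flag letter(s): {''.join(sorted(unknown))}")
    return letters


def classify(flags: str) -> Verdict:
    """Explain why a blocked packet with these flags never matched a pass rule."""
    f = parse_tcpflags(flags)
    if "S" in f and "A" not in f:
        return Verdict(True, "SYN: could create a state; a block here means the pass rule "
                             "itself did not match (wrong interface, address or port)")
    if "S" in f:
        return Verdict(False, "SYN-ACK without state: reply to a handshake pf never saw "
                              "(asymmetric path or the state already expired)")
    if "R" in f:
        return Verdict(False, "RST without state: peer reset a connection whose state is gone")
    if "F" in f:
        return Verdict(False, "FIN without state: teardown of a connection whose state is gone")
    if "A" in f:
        return Verdict(False, "ACK/data without state: state expired (idle) or table was cleared")
    return Verdict(False, "no SYN and no ACK: malformed segment or scan probe")


# Constructed entries (dst port, tcpflags); the flags mirror Evert's report.
SAMPLE_BLOCKED = [
    (443, "PA"),
    (443, "FPA"),
    (443, "RA"),
    (80, "A"),
    (443, "S"),
]


def summarize(entries):
    """Split blocked packets into out-of-state noise and real rule mismatches."""
    out_of_state = rule_mismatch = 0
    by_reason = Counter()
    for _port, flags in entries:
        v = classify(flags)
        if v.state_creating:
            rule_mismatch += 1
        else:
            out_of_state += 1
        by_reason[v.reason] += 1
    return {"out_of_state": out_of_state,
            "rule_mismatch": rule_mismatch,
            "by_reason": by_reason}


if __name__ == "__main__":
    result = summarize(SAMPLE_BLOCKED)
    print(f"out-of-state: {result['out_of_state']}, rule mismatch: {result['rule_mismatch']}")
    for reason, n in result["by_reason"].most_common():
        print(f"  {n}x {reason}")
```

Only the bare-SYN blocks are worth chasing as a rule problem; the PA/FPA/RA/A ones are the tail end of connections whose state pf no longer holds (idle timeout, a state table flush after a rule reload, or a path where pf saw only one direction), which is what the "Default deny / state violation rule" label means.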