Can someone translate the state violation rule into a tcpdump expression?

Started by noses, July 02, 2024, 01:35:10 PM

Hi!

(On an appliance being the HTTP(S) and SOCKS proxy bastion) I'm bombarded by "default deny/state violation" entries in my log. As the system is basically running on a permit any-to-any rule, the cause should be the state violations. To understand where/how they are generated I would need a way to see them first, so

does anyone have a tcpdump filter expression that will select all the relevant traffic?


Achim