pfSense English Support > Firewalling

Default deny rule IPv4

(1/2) > >>

CLOUDFACILE:
Hello everyone, I have a firewall pfsense community edition 2.4.2-RELEASE-p1.
Today, suddenly, the firewall has begun to block traffic to one of our webservers.
On pfsense I installed reverse proxy to manage the addressing to different webservers.
In the firewall logs I find this line Default deny rule IPv4 (1000000103) or Default deny rule IPv4 (1000000104) for the TCP: R protocol.
I can not understand why this happened suddenly, until this morning everything worked and it's been months that everything worked perfectly.
Has anyone encountered this problem and can help me solve it?
Thank you and good job to everybody.
Luke

slim2016:
https://forum.pfsense.org/index.php?topic=17029.msg88467#msg88467

Just out curiosity have you tried rebooting everything?

CLOUDFACILE:
Hi I have already read this post, but my problem persists.
I have already restarted everything, but nothing changes, the firewall continues to block the TCP: R without any reason and prevents the resource from working.
Thanks.

johnpoz:
"TCP: R"

So a RST (reset)..  Yeah that is going to be blocked if there is no state.. And if there was a state that normally tears it down the FAST way... Normally tcp sessions are ended all nice and proper with a fin, fin,ack and everyone is done talking and the firewall sees this and removes the state..  Do you understand what a state is and how a tcp session is created and torn down?

A RST in a nutshell in TCP a shut the F up sort of way of tearing down the session.

What exactly is not working?  And we can move forward in fixing your problem...  But your default rule blocking out of state traffic is normal..
https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection

CLOUDFACILE:
Hello,
I thank you for the answer and I attach 3 pages with screenshots and my comments to better explain the configuration of pfsense and the problem.

Navigation

[0] Message Index

[#] Next page

Go to full version