
Author Topic: Out of state packets  (Read 96 times)


Offline vmaxx

Out of state packets
« on: March 06, 2018, 01:01:26 pm »
I am having an issue with some traffic getting blocked due to packets with TCP flags (PA, RA, etc.). I have read some posts here on the subject and tried their suggestions (conservative setting, setting different TCP flags in advanced settings), but some packets are still getting blocked. The IPs & ports in the rules are set to pass. I think these packets are causing issues with some apps and am hoping to find how to allow these packets through. My rules are basically a white list: individual rules of what can pass through, followed by a rule blocking everything for specific machines on my internal network.

Any idea what I can do in a rule to stop these packets from being blocked?

Offline Derelict

Re: Out of state packets
« Reply #1 on: March 06, 2018, 01:06:08 pm »
Figure out why the state is being closed.

An established TCP state will not expire for 24 hours of ZERO traffic using the default firewall settings.

If the state is no longer there it is because either side has closed it.

More info here:
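
The reasoning in reply #1, as an added example that is not part of the thread and is not pfSense code: a simplified stateful-filter model that replays a constructed packet trace and reports, for each blocked PA/RA packet, which earlier event removed the state. The endpoints, the trace and the `CLOSE_LINGER` value are assumptions made for the illustration; only the 24-hour established timeout comes from the thread.

```python
from dataclasses import dataclass, field

ESTABLISHED_IDLE = 24 * 3600  # seconds: default idle timeout quoted in the thread
CLOSE_LINGER = 60             # seconds: assumed value for this model only
CLIENT, SERVER = "192.168.1.10:50000", "203.0.113.5:443"  # constructed endpoints

@dataclass
class State:
    last_seen: float
    fins: set = field(default_factory=set)  # sides that have already sent a FIN
    closed_at: float = None                 # time the connection was torn down
    closed_why: str = ""

def replay(packets, idle=ESTABLISHED_IDLE, linger=CLOSE_LINGER):
    """Replay (time, src, dst, flags) tuples; return (time, flags, verdict, reason)."""
    states, gone, out = {}, {}, []
    for t, src, dst, flags in packets:
        key = frozenset((src, dst))          # both directions share one state
        st = states.get(key)
        if st is not None:                   # expire the state before matching
            if st.closed_at is not None and t - st.closed_at > linger:
                gone[key], st = st.closed_why, None
            elif t - st.last_seen > idle:
                gone[key], st = f"idle timeout, last packet at t={st.last_seen}", None
            if st is None:
                del states[key]
        if st is None:
            if flags == "S":                 # only a bare SYN may create state
                states[key] = State(last_seen=t)
                out.append((t, flags, "pass", "SYN creates state"))
            else:                            # PA, RA, FA, A ... with no state
                out.append((t, flags, "block", gone.get(key, "no state was ever created")))
            continue
        st.last_seen = t
        out.append((t, flags, "pass", "matches state"))
        if st.closed_at is None:
            if "R" in flags:
                st.closed_at, st.closed_why = t, f"RST from {src} at t={t}"
            elif "F" in flags:
                st.fins.add(src)
                if len(st.fins) == 2:
                    st.closed_at, st.closed_why = t, f"FIN from both sides, second from {src} at t={t}"
    return out

TRACE = [(0, CLIENT, SERVER, "S"), (0.05, SERVER, CLIENT, "SA"), (0.1, CLIENT, SERVER, "A"),
         (1, CLIENT, SERVER, "PA"), (2, SERVER, CLIENT, "PA"), (30, SERVER, CLIENT, "RA"),
         (200, CLIENT, SERVER, "PA"), (201, SERVER, CLIENT, "RA")]  # constructed sample
if __name__ == "__main__":
    for row in replay(TRACE):
        print(*row, sep="  ")
```

In this trace the pass rule is irrelevant to the last two packets: they are blocked because the server's RST at t=30 ended the state, which is the event to look for in a real capture.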