On Mon, Feb 28, 2011 at 12:51 PM, Dimitri Rodis <[email protected]> wrote:

> 2.0-BETA5 (i386) built on Mon Feb 21 15:43:32 EST 2011
>
> I am seeing the above occur maybe once a day or once every other day, but the source IP address is in an alias that is a list of aliases (and that list contains my mail server aliases). Whenever I see this, I manually try to telnet to the same IP on port 25 and the traffic is passed, yet the mail server shows a failed connection attempt in the logs which coincides with the firewall log as above. I have a rule that explicitly allows port tcp/25 as a destination from my inbound mail servers alias group, and then there is a rule right beneath that rule that explicitly blocks outbound SMTP from all IP addresses on the subnet, and I have logging turned on for that rule. So, the rule beneath the one that should be triggered is being triggered instead.
>
> Is there a Bug/Race condition in rule evaluation??

No, those are RSTs and FINs coming after the state is closed, expected behavior.

http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F
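A way to separate the late RST/FIN entries the reply describes from genuine blocks when reviewing the firewall log, as an added example that is not part of this thread or of pfSense itself. It assumes the CSV field layout of the pfSense filterlog (the layout documented for 2.2 and later, which adds a tracker field the 2.0 beta did not have); the log lines, rule number, interface and addresses are constructed for illustration.

```python
import csv
from io import StringIO

# Constructed sample filterlog lines (syslog prefix stripped). Field order assumed
# from the documented pfSense 2.2+ layout:
#   rulenum,subrulenum,anchor,tracker,iface,reason,action,dir,ipver,
#   tos,ecn,ttl,id,offset,flags,protoid,proto,len,src,dst,          (IPv4 part)
#   srcport,dstport,datalen,tcpflags,seq,ack,window,urg,options     (TCP part)
SAMPLE = """\
9,,,1000000103,em0,match,block,out,4,0x0,,64,12345,0,DF,6,tcp,40,192.0.2.10,198.51.100.25,51234,25,0,R,1001,2002,0,,
9,,,1000000103,em0,match,block,out,4,0x0,,64,12346,0,DF,6,tcp,40,192.0.2.10,198.51.100.25,51234,25,0,FA,1002,2003,8192,,
9,,,1000000103,em0,match,block,out,4,0x0,,64,12347,0,DF,6,tcp,60,192.0.2.99,203.0.113.7,40000,25,0,S,1,0,65535,,mss
"""


def parse_tcp4(line):
    """Return the fields we care about for an IPv4/TCP entry, or None otherwise."""
    f = next(csv.reader(StringIO(line)))
    if len(f) < 24 or f[8] != "4" or f[16] != "tcp":
        return None
    return {"rule": f[0], "iface": f[4], "action": f[6], "dir": f[7],
            "src": f[18], "dst": f[19], "sport": f[20], "dport": f[21],
            "tcpflags": f[23]}


def classify(rec):
    """A blocked packet with SYN set is a connection attempt that really was refused.
    A blocked packet carrying only RST or FIN (with ACK/PSH) has no SYN, so it is the
    tail of a connection whose state entry has already been removed: the case the
    reply explains as expected behaviour, not a rule-ordering bug."""
    if rec is None or rec["action"] != "block":
        return "not-a-block"
    fl = set(rec["tcpflags"])
    if "S" in fl:
        return "real-block"
    if fl and fl <= {"R", "F", "A", "P"} and ("R" in fl or "F" in fl):
        return "post-state-close"
    return "other"


def summarize(text):
    """Classify every non-empty line of a filterlog excerpt, in order."""
    return [classify(parse_tcp4(ln)) for ln in text.splitlines() if ln]


if __name__ == "__main__":
    for ln, verdict in zip(SAMPLE.splitlines(), summarize(SAMPLE)):
        print(verdict, "<-", ln.split(",")[23], ln.split(",")[18], "->", ln.split(",")[19])
```

Only the SYN from 192.0.2.99 in the sample is a real block by the outbound-SMTP rule; the two entries from the mail server are the RST and FIN+ACK stragglers the reply refers to.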
