I've been watching my live packet filter logs and notice that there are a lot of incoming packets being blocked which are explicitly allowed via Packet Filter rules. Do the PF rules show blocked IPS packets as well or something? The packets in question are logged as being from the Internet to Astaro's externally facing interface address. There is an ADSL router between Astaro and the Internet.
I also enabled logging of allowed packets but it doesn't seem to be letting anything in! The rule is:
Source: Internet (also tried 'Any')
Service: App service definition
Destination: Internal App Server IP
No other restrictions
There are also no explicit blocking PF rules configured.
How can I determine what is blocking these packets? The IPS live logs and stats show no packets blocked (although enabling all attack pattern rules definitely affects traffic flow!).
Does anyone have any ideas what might be going on here?
This thread was automatically locked due to age.
