Firewall Logging

All-

I am seeing in the firewall log since the upgrade to version 9.101-12 an enormous number of dropped entries for firewall rule 6003, tcpflags="ACK PSH FIN". They appear from a number of sources. One of the source sites is this one. I created a firewall rule any>WebGroup>drop and placed it right after websurfing. WebGroup contains http>source 1:65535> destination 80, and the same for https, substituting port 80 with port 443. The log traffic box is unchecked. Can the fwrule 6003 be edited to turn off logging? My hair is now in a pile on the floor.... Thanks, Jim

2013:06:08-09:52:47 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.176" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="1632" tcpflags="ACK PSH FIN" 
2013:06:08-09:52:48 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.177" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="1638" tcpflags="ACK PSH FIN" 
2013:06:08-09:52:48 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="209.123.109.177" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="1639" tcpflags="ACK PSH FIN" 
2013:06:08-09:53:06 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="85.115.22.9" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="1671" tcpflags="ACK PSH FIN" 
2013:06:08-09:53:59 Oasis ulogd[4425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1b:21:59:59:3d" srcip="85.115.22.9" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="1671" tcpflags="ACK PSH FIN"


  • this is in standard mode:

    2013:06:12-08:57:04 UTM-Frank ulogd[4459]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:90:D0:63:ff:0" dstmac="0:22:15:33:22:fa" srcip="10.60.184.5" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1"
    2013:06:12-08:57:08 UTM-Frank ulogd[4459]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="4c:ac:a:12:14:4c" dstmac="0:22:15:33:22:fa" srcip="93.184.220.29" dstip="192.168.2.238" proto="6" length="40" tos="0x00" prec="0x00" ttl="52" srcport="80" dstport="54241" tcpflags="ACK FIN" 
    2013:06:12-08:57:16 UTM-Frank ulogd[4459]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="4c:ac:a:12:14:4c" dstmac="0:22:15:33:22:fa" srcip="93.184.220.29" dstip="192.168.2.238" proto="6" length="40" tos="0x00" prec="0x00" ttl="52" srcport="80" dstport="54254" tcpflags="ACK FIN" 
    2013:06:12-08:57:16 UTM-Frank ulogd[4459]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="4c:ac:a:12:14:4c" dstmac="0:22:15:33:22:fa" srcip="93.184.220.29" dstip="192.168.2.238" proto="6" length="40" tos="0x00" prec="0x00" ttl="52" srcport="80" dstport="54256" tcpflags="ACK FIN" 
    2013:06:12-08:57:16 UTM-Frank ulogd[4459]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="4c:ac:a:12:14:4c" dstmac="0:22:15:33:22:fa" srcip="93.184.220.29" dstip="192.168.2.238" proto="6" length="40" tos="0x00" prec="0x00" ttl="52" srcport="80" dstport="54255" tcpflags="ACK FIN" 
    2013:06:12-08:57:22 UTM-Frank ulogd[4459]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="4c:ac:a:12:14:4c" dstmac="0:22:15:33:22:fa" srcip="173.194.66.120" dstip="192.168.2.238" proto="6" length="40" tos="0x00" prec="0x00" ttl="49" srcport="443" dstport="54222" tcpflags="RST" 
    2013:06:12-08:57:22 UTM-Frank ulogd[4459]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="7c:4f:b5:79:76:20" dstmac="0:c:f6:D:e5:72" srcip="192.168.2.253" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0x00" ttl="1"


    transparent:

    2013:06:12-08:42:49 UTM-Frank ulogd[4459]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:c:f6:D:e5:72" srcip="141.101.117.48" dstip="192.168.1.3" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="53488" tcpflags="ACK FIN"
    2013:06:12-08:42:49 UTM-Frank ulogd[4459]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:c:f6:D:e5:72" srcip="141.101.117.48" dstip="192.168.1.3" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="53488" tcpflags="ACK PSH FIN"
    2013:06:12-08:42:49 UTM-Frank ulogd[4459]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:c:f6:D:e5:72" srcip="141.101.117.48" dstip="192.168.1.3" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="53488" tcpflags="ACK PSH FIN"
    2013:06:12-08:42:51 UTM-Frank ulogd[4459]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:c:f6:D:e5:72" srcip="141.101.117.48" dstip="192.168.1.3" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="53488" tcpflags="ACK PSH FIN"
    2013:06:12-08:42:52 UTM-Frank ulogd[4459]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:c:f6:D:e5:72" srcip="141.101.117.48" dstip="192.168.1.3" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="53488" tcpflags="ACK PSH FIN"
    2013:06:12-08:42:56 UTM-Frank ulogd[4459]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:c:f6:D:e5:72" srcip="141.101.117.48" dstip="192.168.1.3" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="53488" tcpflags="ACK PSH FIN"
    2013:06:12-08:43:04 UTM-Frank ulogd[4459]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:c:f6:D:e5:72" srcip="141.101.117.48" dstip="192.168.1.3" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="53488" tcpflags="ACK PSH FIN"


    Both are the same 3 pages being refreshed; then I waited 6 minutes and collected the logs.
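One way to triage drop logs like the ones posted above, as an added example that is not part of the original thread: it parses the `key="value"` fields, counts entries per firewall rule and TCP flag set, and groups repeated entries by flow. The sample lines are abridged from the thread's logs, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: entries abridged from the log lines quoted in this thread.
SAMPLE = """\
2013:06:12-08:42:49 UTM-Frank ulogd[4459]: id="2001" action="drop" fwrule="60003" outitf="eth0" srcip="141.101.117.48" dstip="192.168.1.3" proto="6" srcport="80" dstport="53488" tcpflags="ACK FIN"
2013:06:12-08:42:49 UTM-Frank ulogd[4459]: id="2001" action="drop" fwrule="60003" outitf="eth0" srcip="141.101.117.48" dstip="192.168.1.3" proto="6" srcport="80" dstport="53488" tcpflags="ACK PSH FIN"
2013:06:12-08:42:51 UTM-Frank ulogd[4459]: id="2001" action="drop" fwrule="60003" outitf="eth0" srcip="141.101.117.48" dstip="192.168.1.3" proto="6" srcport="80" dstport="53488" tcpflags="ACK PSH FIN"
2013:06:12-08:57:04 UTM-Frank ulogd[4459]: id="2001" action="drop" fwrule="60001" initf="eth1" srcip="10.60.184.5" dstip="224.0.0.1" proto="2"
2013:06:12-08:57:08 UTM-Frank ulogd[4459]: id="2001" action="drop" fwrule="60001" initf="eth1" srcip="93.184.220.29" dstip="192.168.2.238" proto="6" srcport="80" dstport="54241" tcpflags="ACK FIN"
2013:06:12-08:57:22 UTM-Frank ulogd[4459]: id="2001" action="drop" fwrule="60001" initf="eth1" srcip="173.194.66.120" dstip="192.168.2.238" proto="6" srcport="443" dstport="54222" tcpflags="RST"
"""

PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse(line):
    """Return the key="value" fields of one packetfilter line, plus its timestamp."""
    fields = dict(PAIR.findall(line))
    fields["time"] = line.split(" ", 1)[0]
    return fields

def summarize(text):
    """Count drops per (fwrule, tcpflags) and collect timestamps per flow."""
    by_rule = Counter()
    flows = defaultdict(list)
    for line in text.splitlines():
        f = parse(line)
        if f.get("action") != "drop":
            continue
        flags = f.get("tcpflags", "-")  # absent on non-TCP entries (proto="2")
        by_rule[(f.get("fwrule"), flags)] += 1
        flow = (f.get("proto"), f.get("srcip"), f.get("srcport", "-"),
                f.get("dstip"), f.get("dstport", "-"))
        flows[flow].append(f["time"])
    return by_rule, flows

def teardown_share(by_rule):
    """Fraction of dropped entries whose TCP flags include FIN or RST."""
    total = sum(by_rule.values())
    closing = sum(n for (_, fl), n in by_rule.items() if {"FIN", "RST"} & set(fl.split()))
    return closing / total if total else 0.0

if __name__ == "__main__":
    by_rule, flows = summarize(SAMPLE)
    for (rule, flags), n in by_rule.most_common():
        print(f"fwrule={rule} tcpflags={flags}: {n} entries")
    print(f"{len(flows)} flows, FIN/RST share {teardown_share(by_rule):.0%}")
    for flow, times in flows.items():
        print(flow, "seen", len(times), "times")
```

Comparing the flow count with the entry count shows how much of the log volume is the same connection being logged repeatedly.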