Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 3928 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

http/https [ACK FIN] drop

ybo91
Hi,

I have many drop for [ACK FIN] http/https traffic. Even for the connexion to the utm webadmin page :
2014:03:20-15:31:37 Firewall ulogd[31492]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="80:ee:73:69:73:83" srcip="192.168.1.1" dstip="192.168.1.103" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="4444" dstport="63912" tcpflags="ACK FIN"

Is there a way to remove/hide them ?

Thanks.


This thread was automatically locked due to age.
Parents
  • 0
    Hi & Welcome,

    At the bottom of your firewall rules, you can add a new rule:
    sources: ANY, Internal ADDRESS
    dest: LAN/Internal Network
    Services: Custom, see below
    Drop, No Log

    The Services are HTTP, HTTPS, WebAdmin(4444), but you have to create new service definitions with the ports reversed; e.g. HTTP_Response would be sourceport:80, Destport:1024-65535

    Barry
Reply
  • 0
    Hi & Welcome,

    At the bottom of your firewall rules, you can add a new rule:
    sources: ANY, Internal ADDRESS
    dest: LAN/Internal Network
    Services: Custom, see below
    Drop, No Log

    The Services are HTTP, HTTPS, WebAdmin(4444), but you have to create new service definitions with the ports reversed; e.g. HTTP_Response would be sourceport:80, Destport:1024-65535

    Barry
Children
No Data
Cookie Information Banner