Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 2 subscribers
  • Views 6961 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't get firewall to stop dropping packets

ibell63
I've found that even if I put in a rule that says to allow anything, the firewall service still drops lots of packets according to the live log and actual log file.  Here's the rule I put in to try to disable the firewall.

Source --> Service --> Destination

Any -----> Any -----> Any

Please don't reply and tell me not to put this rule in.  I understand it will make the firewall allow anything.  That isn't the point.  The point is that there appears to be an issue with rule processing.

Firmware version is 9.201-23

This is really frustrating.  I've tried a bunch of different rules and I can't seem to find anything that makes the firewall lax enough to not drop tons of Netflix packets.

Am I missing something?


This thread was automatically locked due to age.
Parents
  • 0
    Here are a few good examples from the log.  I want this traffic to be accepted.

    What are rules 60001 and 60003?

    2014:04:21-19:31:56 IronCurtain ulogd[4513]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:1:5c:23:b2:c1" dstmac="***:60" srcip="66.0.23.18" dstip="***.***.***.92" proto="6" length="48" tos="0x00" prec="0x00" ttl="117" srcport="2983" dstport="3390" tcpflags="SYN" 

    2014:04:21-19:32:14 IronCurtain ulogd[4513]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:1:5c:23:b2:c1" dstmac="***:60" srcip="66.0.23.18" dstip="***.***.***.92" proto="6" length="40" tos="0x00" prec="0x00" ttl="245" srcport="2983" dstport="3390" tcpflags="RST" 

    2014:04:21-19:32:33 IronCurtain ulogd[4513]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:13:20:61:59:8a" srcip="111.168.21.82" dstip="192.168.0.201" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="1370" tcpflags="RST"
Reply
  • 0
    Here are a few good examples from the log.  I want this traffic to be accepted.

    What are rules 60001 and 60003?

    2014:04:21-19:31:56 IronCurtain ulogd[4513]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:1:5c:23:b2:c1" dstmac="***:60" srcip="66.0.23.18" dstip="***.***.***.92" proto="6" length="48" tos="0x00" prec="0x00" ttl="117" srcport="2983" dstport="3390" tcpflags="SYN" 

    2014:04:21-19:32:14 IronCurtain ulogd[4513]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:1:5c:23:b2:c1" dstmac="***:60" srcip="66.0.23.18" dstip="***.***.***.92" proto="6" length="40" tos="0x00" prec="0x00" ttl="245" srcport="2983" dstport="3390" tcpflags="RST" 

    2014:04:21-19:32:33 IronCurtain ulogd[4513]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="0:13:20:61:59:8a" srcip="111.168.21.82" dstip="192.168.0.201" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="1370" tcpflags="RST"
Children
No Data
Cookie Information Banner