We get items like this in our firewall log very often. (1000's per day)
2015:07:01-09:47:25 Astaro-1 ulogd[17496]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="0" initf="eth1" srcmac="b8:9b:c9[:D]4:b0:86" dstmac="00:1a:8c:f0:0d:c1" srcip="209.85.160.173" dstip="50.195.173.17" proto="6" length="40" tos="0x00" prec="0x20" ttl="41" srcport="36552" dstport="25" tcpflags="RST"
Now as far as I can tell this should not be getting dropped as 50.195.173.17 has a DNAT rule pointing to our internal Mail Server with a any source - destination port SMTP rule. Since this is how our incoming email comes in obviously the rule must be working. I have seen others in the log like this where it appears that it should not be dropped based on the source - destination and port and they also have the [RST] flag.
So why are these in the log? What does the [RST] signify?
This thread was automatically locked due to age.
