My config:
Diagram with my problem Drop invalid forward FW rule:
Code: Select all
9 ;;; drop invalid
chain=forward action=drop connection-state=invalid log=no log-prefix="invalid"
17:56:28 firewall,info invalid forward: in:BASE_VLAN out:HOME_LAB_VLAN, src-mac 30:xx:xx:xx:xx:xx, proto TCP (ACK), 192.168.99.243:65375->10.0.10.3:8080, len 52
17:56:28 firewall,info invalid forward: in:BASE_VLAN out:HOME_LAB_VLAN, src-mac 30:xx:xx:xx:xx:xx, proto TCP (ACK,PSH), 192.168.99.243:65375->10.0.10.3:8080, len 131
17:56:28 firewall,info invalid forward: in:BASE_VLAN out:HOME_LAB_VLAN, src-mac 30:xx:xx:xx:xx:xx, proto TCP (ACK,PSH), 192.168.99.243:65375->10.0.10.3:8080, len 131
17:56:29 firewall,info invalid forward: in:BASE_VLAN out:HOME_LAB_VLAN, src-mac 30:xx:xx:xx:xx:xx, proto TCP (ACK,PSH), 192.168.99.243:65375->10.0.10.3:8080, len 131
17:56:29 firewall,info invalid forward: in:BASE_VLAN out:HOME_LAB_VLAN, src-mac 30:xx:xx:xx:xx:xx, proto TCP (ACK,PSH), 192.168.99.243:65375->10.0.10.3:8080, len 131
17:56:29 firewall,info invalid forward: in:BASE_VLAN out:HOME_LAB_VLAN, src-mac 30:xx:xx:xx:xx:xx, proto TCP (ACK,PSH), 192.168.99.243:65375->10.0.10.3:8080, len 131
17:56:29 firewall,info invalid forward: in:BASE_VLAN out:HOME_LAB_VLAN, src-mac 30:xx:xx:xx:xx:xx, proto TCP (ACK), 192.168.99.243:65375->10.0.10.3:8080, len 52
17:56:30 firewall,info invalid forward: in:BASE_VLAN out:HOME_LAB_VLAN, src-mac 30:xx:xx:xx:xx:xx, proto TCP (ACK,PSH), 192.168.99.243:65375->10.0.10.3:8080, len 131
17:56:30 firewall,info invalid forward: in:BASE_VLAN out:HOME_LAB_VLAN, src-mac 30:xx:xx:xx:xx:xx, proto TCP (ACK,PSH), 192.168.99.243:65375->10.0.10.3:8080, len 131
17:56:31 firewall,info invalid forward: in:BASE_VLAN out:HOME_LAB_VLAN, src-mac 30:xx:xx:xx:xx:xx, proto TCP (ACK), 192.168.99.243:65375->10.0.10.3:8080, len 52
17:56:32 firewall,info invalid forward: in:BASE_VLAN out:HOME_LAB_VLAN, src-mac 30:xx:xx:xx:xx:xx, proto TCP (ACK,PSH), 192.168.99.243:65375->10.0.10.3:8080, len 131