----- Original Message -----
From: "Manuel Kasper" <mk at neon1 dot net>
To: "Christopher M. Iarocci" <iarocci at eastendsc dot com>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Friday, November 14, 2003 12:12 PM
Subject: Re: [m0n0wall] Firewall question
> On 14.11.2003, at 18:05, Christopher M. Iarocci wrote:
> > Can anyone explain why I get the following entries in my firewall log
> > when I
> > clearly have a rule that allows all outbound traffic from my LAN
> > interface?
> > I see it from time to time, and don't really understand it because I
> > guess I
> > don't understand all the codes at the end of the line.
> > 12:00:23.058836 2x rl0 @200:33 p 192.168.2.199,5061 ->
> > 188.8.131.52,5060 PR
> > udp len 20 301 K-S K-F IN
> ... @200:33 p 192.168... ---> p = pass
> > rules, nor do I have any block rules for the VPN lans. I'm hoping the
> > rules
> > for the VPN allows all traffic through the tunnel, but the below log
> > entry
> > clearly shows a packet being blocked.
> No, it shows a packet being passed. :) Not sure why these show up,
> though. By default, only blocked packets are logged.
Maybe it is because I have port 5060 mapped to the internal address of
192.168.2.199? Just a guess, don't know. Thanks for the info though. Now
I can rest easier. :-) All this time I was thinking they were blocked