Am running Murus Pro 1.3.5 on Mac Mini, OS Server 5 (10.11.1).
In Murus Managed Inbound Services I've allowed All Services for 10-net (as well as 192.168-net, 172.16-net, and 169.254-net). I'm running the Mail service on the Mini, allowed in Murus for Everyone and blocked only for a couple of spammer IPs. Everything's running well, our intranet (10-net) Mail users can all send and receive email on their Macs... but occasionally I see blocked connections in the pffirewall log on ports 143 and 993 from 10-net users, for example:
Dec 7 09:55:15 (NAME_OF_SERVER) pf: 00:00:04.307762 rule 37.murus.inbound.1/0(match): block in on en0: 10.1.10.103.49258 > (SERVER'S_STATIC_IP).993: Flags [FP.], seq 4294967222:37, ack 1, win 4096, options [nop,nop,TS val 790220857 ecr 37403760], length 111
These blocks don't seem to prevent anything and all seems good, but I'm just curious why they appear, since our 10-net is allowed for All Services?
2 posts • Page 1 of 1
- Posts: 481
- Joined: Wed Dec 10, 2014 5:20 pm
These logs are probably unsolicited acks or connections belonging to expired pf states. As you have already realized, these log records can be ignored. Unchecking the "log all blocked connections" option in Murus' Preferences->General helps reducing the frequency of such logs.