Block out, even though All Services allowed (Murus Lite)


Post by staze » Thu May 19, 2016 10:56 pm

All,

Bit of a confusion on my part. I'm using Murus Lite to block a couple services from the internet as a whole (was getting hammered on ARD and AFP ports from all over). But Murus Lite, from what I read and can see, doesn't allow any outbound filtering (which is fine for my needs). The thing is, looking at the PF logs, I see a lot of things like:

00:00:00.030174 rule 13/0(match): block out on en0: 123.234.123.234.62560 > 205.188.12.38.443: Flags [P.], seq 0:6, ack 1, win 65535, length 6

My IP has been swapped out.

Why would this be the case? All I have in Outbound is "All Services" and it's set to "Everyone".

Thoughts? Help?


Re: Block out, even though All Services allowed (Murus Lite)

Post by hany » Mon May 23, 2016 4:40 pm

You don't have to worry about these blocks. These are most probably unsolicited ACKs belonging to expired PF states.
None of your clients/servers should be affected by these blocks.
You can reduce these log entries by unchecking the first option in Murus preferences -> general. Then you can further limit them by managing the DYNAMIC PORTS range in your inbound (yes, inbound) and setting the option for "less restrictive flags policy".
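
A way to check the explanation above against a log capture, as an added example that is not part of either post: it splits blocked TCP entries into bare SYNs (a rule refused a new connection) and mid-stream segments such as the [P.] line quoted in the thread, which are the ones consistent with expired states. The flag-based split is a heuristic assumed here; the function names and all sample lines except the first are constructed.

```python
import re
from collections import Counter

# Matches the TCP form of a pflog line in the shape quoted in the thread.
LINE_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<iface>\S+): (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]"
)

def classify(line):
    """Return a dict for a blocked TCP packet, or None for anything else."""
    m = LINE_RE.search(line)
    if m is None or m["action"] != "block":
        return None
    flags = m["flags"]  # tcpdump notation: S=SYN, .=ACK, P=PSH, F=FIN, R=RST
    if "S" in flags and "." not in flags:
        kind = "new-connection"    # bare SYN: a rule refused a new connection
    else:
        kind = "no-state-segment"  # mid-stream segment that matched no state
    return {"rule": int(m["rule"]), "dir": m["dir"], "iface": m["iface"],
            "src": m["src"], "dst": m["dst"], "flags": flags, "kind": kind}

def summarize(lines):
    """Count blocked packets per (rule number, direction, kind)."""
    counts = Counter()
    for line in lines:
        rec = classify(line)
        if rec:
            counts[(rec["rule"], rec["dir"], rec["kind"])] += 1
    return counts

# First line is the one quoted in the thread; the rest are constructed samples
# (documentation address ranges; 548 = AFP, 3283 = ARD).
SAMPLE = [
    "00:00:00.030174 rule 13/0(match): block out on en0: 123.234.123.234.62560 > 205.188.12.38.443: Flags [P.], seq 0:6, ack 1, win 65535, length 6",
    "00:00:01.204511 rule 13/0(match): block out on en0: 192.0.2.10.62561 > 198.51.100.7.443: Flags [F.], seq 6, ack 1, win 65535, length 0",
    "00:00:02.000310 rule 7/0(match): block in on en0: 203.0.113.9.40112 > 192.0.2.10.548: Flags [S], seq 1000, win 29200, length 0",
    "00:00:00.500000 rule 7/0(match): block in on en0: 203.0.113.9.40113 > 192.0.2.10.3283: Flags [S], seq 2000, win 29200, length 0",
    "00:00:00.100000 rule 2/0(match): pass out on en0: 192.0.2.10.62570 > 198.51.100.7.443: Flags [S], seq 3000, win 65535, length 0",
]

if __name__ == "__main__":
    for (rule, direction, kind), n in sorted(summarize(SAMPLE).items()):
        print(f"rule {rule:>3} {direction:<3} {kind:<17} {n}")
```

If the outbound blocks all land in the no-state-segment bucket, that matches the expired-state explanation; a bare SYN blocked outbound would instead point at an actual rule refusing new connections.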
