Incoming rule to port 800 on BLUE needed?

Hello,

I’ve got these messages in my logs:

DROP_CTINVALID blue0 TCP a.b.c.d 59509 a.b.c.1 800

Do I need to create an incoming rule on BLUE -> BLUE:800 in order to circumvent these messages?

Is that safe? Thank you for clarifications.

You surely can inhibit all traffic to port 800 on BLUE.
But according to the message you posted, there is a connection (to an internal web server?). DROP_CTINVALID means there is some problem for connection tracking (not all SW modules adhere to the standards defined).

1 Like

Hi Bernhard, thank you for responding. Do you mean an internal web server on ORANGE? If so, yes, and so you point me in the direction of my Nextcloud phone app regularly contacting its instance within the DMZ.

I’ve now switched off CTINVALID logging to calm down the logs.

Regards.

1 Like

Unfortunately, mobile phone OSs all seem to not fully follow the rules for sending packets, as this type of issue also occurs with iOS and Android, where the phone app sends a packet but does not properly flag that the packet is from an existing connection, so it gets dropped due to the Connection Tracking being INVALID (CTINVALID).

3 Likes
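Before switching CTINVALID logging off entirely, it is worth checking whether the noise really comes only from the known phone-to-Nextcloud flow described in the replies above, or whether other hosts or services are also producing INVALID drops. The following script is an added example written for this thread, not IPFire code: it parses log lines in the compact `ACTION IFACE PROTO SRC SPORT DST DPORT` shape quoted in the first post (real IPFire/iptables log lines carry more fields, so treating this compact form as the input is an assumption), and sorts DROP_CTINVALID flows into "known application noise" versus "needs review" using a caller-supplied list of known client devices and known services. The sample log lines, addresses and port numbers are constructed for the demonstration.

```python
from collections import Counter

# Constructed sample log, in the compact form quoted in the thread:
# ACTION IFACE PROTO SRC SPORT DST DPORT
SAMPLE_LOG = """\
DROP_CTINVALID blue0 TCP 192.0.2.10 59509 192.0.2.1 800
DROP_CTINVALID blue0 TCP 192.0.2.10 59510 192.0.2.1 800
DROP_CTINVALID blue0 TCP 192.0.2.10 59511 192.0.2.1 800
DROP_CTINVALID blue0 TCP 192.0.2.44 41022 198.51.100.7 22
DROP_INPUT blue0 UDP 192.0.2.44 5353 224.0.0.251 5353
DROP_CTINVALID blue0 TCP 192.0.2.44 41023 198.51.100.7 22
"""

# Constructed inventory (assumption): the phone and the DMZ Nextcloud instance.
KNOWN_CLIENTS = frozenset({"192.0.2.10"})          # phone running the Nextcloud app
KNOWN_SERVICES = frozenset({("192.0.2.1", 800)})   # web server the app talks to


def parse_line(line):
    """Parse one compact firewall log line into a dict, or None if malformed."""
    fields = line.split()
    if len(fields) != 7:
        return None
    action, iface, proto, src, sport, dst, dport = fields
    try:
        return {
            "action": action,
            "iface": iface,
            "proto": proto,
            "src": src,
            "sport": int(sport),
            "dst": dst,
            "dport": int(dport),
        }
    except ValueError:
        return None


def summarise_ctinvalid(log_text, known_clients=KNOWN_CLIENTS,
                        known_services=KNOWN_SERVICES):
    """Count DROP_CTINVALID flows per (src, dst, dport).

    A flow is 'known' only when BOTH the source is a known client device AND
    the destination/port is a known service; anything else lands in 'review',
    so unexpected hosts or services are not hidden by the expected app noise.
    """
    known = Counter()
    review = Counter()
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None or entry["action"] != "DROP_CTINVALID":
            continue  # ignore blank/malformed lines and other drop reasons
        key = (entry["src"], entry["dst"], entry["dport"])
        if entry["src"] in known_clients and (entry["dst"], entry["dport"]) in known_services:
            known[key] += 1
        else:
            review[key] += 1
    return {"known": known, "review": review}


if __name__ == "__main__":
    result = summarise_ctinvalid(SAMPLE_LOG)
    print("Expected application noise (safe to suppress selectively):")
    for (src, dst, dport), n in result["known"].most_common():
        print(f"  {src} -> {dst}:{dport}  x{n}")
    print("CTINVALID flows that still need a look:")
    for (src, dst, dport), n in result["review"].most_common():
        print(f"  {src} -> {dst}:{dport}  x{n}")
```

With this split, a targeted choice becomes possible: keep CTINVALID logging on, but treat the phone-to-Nextcloud entries as expected, while any other source or destination showing INVALID drops still surfaces in the review list. Note that an INVALID packet is dropped regardless of any BLUE -> BLUE:800 rule, because the packet never matches an established connection in the first place; adding such a rule would not change what the sample shows.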