I am experiencing an issue with v4.02 after an intended automatic upgrade early this morning; it seems that our custom port range specified for TeamSpeak voice service over UDP is being blocked for inbound and outbound traffic.
Here are two of many syslog entries indicating the blocks (munged):
Code: Select all
Sep 9 12:38:30 servername kernel: Firewall: *UDP_IN Blocked* IN=eth1 OUT= MAC=00:30:48:2c:90:ff:00:1e:13:ca:4a:bf:08:00 SRC=70.171.6.X DST=1.2.3.4 LEN=208 TOS=0x00 PREC=0x00 TTL=121 ID=3609 PR
OTO=UDP SPT=58297 DPT=8714 LEN=188
Sep 9 12:49:19 servername kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth1 SRC=1.2.3.4 DST=62.146.63.X LEN=431 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=8714 DPT=45647 LEN=411Code: Select all
udp:in:d=8701_8799:d=1.2.3.4
udp:out:s=8701_8799:s=1.2.3.4My only resolution within CSF v4.02 thus far is to add the port range to the server-wide UDP allow lists (UDP_IN & UDP_OUT); this is the only method I found to make it work, but at a great disadvantage to security.
Please let me know if you need any additional debugging information or a ticket lodged to help troubleshoot.