On Fri, Jun 26, 2020 at 6:33 PM Tom Eastep <teas...@shorewall.net> wrote: > > The only thing that I see in the dump is that you are dropping TCP 3389 > ESTABLISHED packets not marked with value 0xa; that might be the issue
Well, I don't know how I didn't see that, but yes, I'm sending the packets to Suricata IPS and that was dropping 3389 because of: Inbound RDP Connection with TLS Security Protocol Requested I need to either change the signature action or make sure the RDP clients don't negotiate (eg. force RDP or NLA). Thanks, Vieri _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users