Hi All,
Hope you're doing good.
I have been googling a question for the past week and can't find a definitive answer, so I thought it may be best to ask the experts.
My firewall zones look like this -
Everything seems to work as it should do, so that's great.
It's mainly just a query, I've noticed that under the chain 'Zone_WAN_input' I can get 10k or more worth of drops... it doesn't particularly seem like an issue as the traffic isn't high, but I'm wondering if I'm blocking legitimate traffic? Here it is currently (I reset the counters just now so it only looks like a small amount)
I've run a tcpdump -i WAN dst host my public IP and it seems to be just sites we're browsing/our external DNS etc.
And if I enable logging on the WAN zone with a 10/minute filter it seems to output the ton of stuff it's dropping: (public IP and MAC taken out)
Sat Mar 12 09:55:09 2022 kern.warn kernel: [1932.323044] DROP wan in: IN=wan OUT= MAC=00:00:00:00:00:00:00 SRC=104.149.163.234 DST=mypublicip LEN=434 TOS=0x00 PREC=0x00 TTL=47 ID=13245 DF PROTO=UDP SPT=5157 DPT=60181 LEN=414
So was just looking for some guidance as I'm fairly new to OpenWRT and just want to ensure I'm not blocking legit traffic or if it's by design, but why it's dropping that traffic if it is genuine.
Thanks as always guys.
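An added example, not part of the original post: a small Python parser for drop lines in the format quoted above, tallying them by protocol/destination port and by source address so the counter on the WAN input chain can be broken down into what is actually arriving. The sample lines, the addresses (documentation ranges) and the names `parse_drop` and `summarise` are constructed for illustration; only the `DROP wan in:` prefix and field layout come from the log line in the post.

```python
from collections import Counter

# Constructed sample lines in the same format as the one quoted in the post.
SAMPLE_LOG = """\
Sat Mar 12 09:55:09 2022 kern.warn kernel: [1932.323044] DROP wan in: IN=wan OUT= MAC=00:00:00:00:00:00 SRC=192.0.2.10 DST=203.0.113.5 LEN=434 TOS=0x00 PREC=0x00 TTL=47 ID=13245 DF PROTO=UDP SPT=5157 DPT=60181 LEN=414
Sat Mar 12 09:55:15 2022 kern.warn kernel: [1938.101010] DROP wan in: IN=wan OUT= MAC=00:00:00:00:00:00 SRC=192.0.2.10 DST=203.0.113.5 LEN=120 TOS=0x00 PREC=0x00 TTL=47 ID=13250 DF PROTO=UDP SPT=5157 DPT=60181 LEN=100
Sat Mar 12 09:55:21 2022 kern.warn kernel: [1944.202020] DROP wan in: IN=wan OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.7 DST=203.0.113.5 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Sat Mar 12 09:55:27 2022 kern.warn kernel: [1950.303030] DROP wan in: IN=wan OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.7 DST=203.0.113.5 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=777 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Sat Mar 12 09:55:30 2022 daemon.info dnsmasq[1234]: read /etc/hosts - 4 addresses
"""

def parse_drop(line, prefix="DROP wan in:"):
    """Return the fields of one netfilter LOG line, or None if it is not a drop entry."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None
    fields, flags = {}, []
    for token in rest.split():
        key, eq, value = token.partition("=")
        if eq:
            # LEN and ID can appear twice (IP header, then L4 header); keep the first.
            fields.setdefault(key, value)
        else:
            flags.append(token)  # bare tokens such as DF, SYN, ACK
    fields["FLAGS"] = flags
    return fields if "SRC" in fields and "PROTO" in fields else None

def summarise(log_text, prefix="DROP wan in:"):
    """Count dropped packets by (protocol, destination port) and by source address."""
    by_service, by_source = Counter(), Counter()
    for line in log_text.splitlines():
        fields = parse_drop(line, prefix)
        if fields is None:
            continue
        # ICMP has no ports, so DPT is reported as "-".
        by_service[(fields["PROTO"], fields.get("DPT", "-"))] += 1
        by_source[fields["SRC"]] += 1
    return by_service, by_source

if __name__ == "__main__":
    services, sources = summarise(SAMPLE_LOG)
    for (proto, dport), count in services.most_common():
        print(f"{count:5d}  {proto:<5} dport={dport}")
    for src, count in sources.most_common():
        print(f"{count:5d}  from {src}")
```

On the router itself the input would be the saved system log rather than `SAMPLE_LOG`; with the 10/minute log limit in place the tallies are a sample of the drops, not the full counter value.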