Firewall log full of default drops when web browsing

Hi there,

Running a vanilla install of utm v9.205-12 as a VM running on VMware with two NICs attached. It's sitting behind an internet router running tomato USB.

On UTM The "External (WAN)" interface is 192.168.1.8 and default gateway 192.168.1.1 (tomato usb router)

The Internal interface is 192.168.42.1

All VM's running on vmware use 192.168.42.1 as their default gateway. On one of my VM's when I browse to say Gameplanet Forums - New Zealand's video game community after awhile I get flooded with default drops with source port 80 and random dst ports.

2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="23.23.250.228" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57252" tcpflags="RST" 
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="54.252.165.43" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57230" tcpflags="RST" 
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="68.232.44.121" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57222" tcpflags="RST" 
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="176.32.102.89" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57241" tcpflags="RST" 
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="68.232.44.121" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57224" tcpflags="RST" 
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="68.232.44.121" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57227" tcpflags="RST" 
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="176.32.102.89" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57245" tcpflags="RST" 
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="68.232.44.121" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57228" tcpflags="RST" 
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="176.32.102.89" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57242" tcpflags="RST" 
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="68.232.44.121" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57225" tcpflags="RST" 
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="68.232.44.121" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57223" tcpflags="RST" 
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="74.125.204.95" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57226" tcpflags="RST" 
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="117.18.237.139" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57240" tcpflags="RST" 
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="184.84.63.139" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57239" tcpflags="RST" 
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="54.252.165.43" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57229" tcpflags="RST" 
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="202.124.127.46" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57236" tcpflags="RST" 
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="202.124.127.46" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57235" tcpflags="RST"

I understand that these are red herrings but how do I stop them from being logged as it makes it difficult trawling through to find legitimate traffic that's being blocked

Disabing web filtering and the drops change to ACK FIN

2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="199.59.149.201" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="57600" tcpflags="ACK FIN" 
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="202.124.127.46" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57593" tcpflags="ACK FIN" 
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="202.124.127.46" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57594" tcpflags="ACK FIN" 
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="202.124.127.46" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57595" tcpflags="ACK FIN" 
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="31.13.82.32" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57610" tcpflags="ACK FIN" 
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="176.32.102.89" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57602" tcpflags="ACK FIN" 
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="23.23.250.228" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57606" tcpflags="ACK FIN" 
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="176.32.102.89" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57598" tcpflags="ACK FIN" 
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="176.32.102.89" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57599" tcpflags="ACK FIN" 
2014:09:09-17:20:33 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="23.23.250.228" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57607" tcpflags="ACK FIN" 

This is a fresh install, only FW rule I added was to allow 192.168.1.0/24 access the webadmin interface on 192.168.1.8





This thread was automatically locked due to age.