Suricata blocking FTP initiated from Firefox

Have Suricata enabled with default rules on my PFSense Firewall.

I am running a FTP server in a DMZ - and have:

  • A FW Rule allowing inbound FTP to the DMZ Server
  • A NAT rule forwarding a high port number to port 21 on the DMZ Server

FTP works as designed when using FIleZilla, however, when attempting a FTP connection to the same address from Firefox, Suricate immediately blocks the source IP with the following message:

I disabled the bottom of the two rules (I believe) on the WAN & DMZ interfaces, which prevents blocking.

Testing shows the rule was triggered on the DMZ interface, not WAN.

Any clue on why this happens, how to avoid this - apart from disabling the entire rule ?.