Lifx constantly sending invalid packets that are dropped by my Firewall

I am getting Invalid packets on my Firewall almost every second from Lifx Server: 146.148.44.137
I have about 12 Lifx Bulbs Gen2 and 3.
I can use the bulbs locally and remotely no problem, but my poor Firewall is being beaten up by the Lifx Cloud server.
Here are just a few seconds of the log from my Firewall: (My IP and MAC Changed)

Apr 13 20:22:10 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=59 ID=6317 DF PROTO=TCP SPT=56700 DPT=54252 SEQ=762445238 ACK=7184373 WINDOW=37520 RES=0x00 ACK PSH URGP=0
Apr 13 20:22:10 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=58 ID=36439 DF PROTO=TCP SPT=56700 DPT=56820 SEQ=140599515 ACK=10198773 WINDOW=38592 RES=0x00 ACK PSH URGP=0
Apr 13 20:22:11 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=58 ID=47838 DF PROTO=TCP SPT=56700 DPT=54251 SEQ=32565713 ACK=10296334 WINDOW=65392 RES=0x00 ACK PSH URGP=0
Apr 13 20:22:11 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=58 ID=36440 DF PROTO=TCP SPT=56700 DPT=56820 SEQ=140599515 ACK=10198773 WINDOW=38592 RES=0x00 ACK PSH URGP=0
Apr 13 20:22:12 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=58 ID=53743 DF PROTO=TCP SPT=56700 DPT=52415 SEQ=4272857550 ACK=11804076 WINDOW=48240 RES=0x00 ACK PSH URGP=0
Apr 13 20:22:13 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=58 ID=36441 DF PROTO=TCP SPT=56700 DPT=56820 SEQ=140599515 ACK=10198773 WINDOW=38592 RES=0x00 ACK PSH URGP=0
Apr 13 20:22:14 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=58 ID=29560 DF PROTO=TCP SPT=56700 DPT=56818 SEQ=3098569325 ACK=4900082 WINDOW=65392 RES=0x00 ACK PSH URGP=0
Apr 13 20:22:14 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=59 ID=31427 DF PROTO=TCP SPT=56700 DPT=54253 SEQ=3293759613 ACK=9683842 WINDOW=34304 RES=0x00 ACK PSH URGP=0
Apr 13 20:22:15 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=58 ID=40091 DF PROTO=TCP SPT=56700 DPT=65131 SEQ=2780273083 ACK=4142137 WINDOW=65392 RES=0x00 ACK PSH URGP=0
Apr 13 20:22:15 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=58 ID=40092 DF PROTO=TCP SPT=56700 DPT=65131 SEQ=2780273083 ACK=4142137 WINDOW=65392 RES=0x00 ACK PSH URGP=0
Apr 13 20:22:16 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=58 ID=40093 DF PROTO=TCP SPT=56700 DPT=65131 SEQ=2780273083 ACK=4142137 WINDOW=65392 RES=0x00 ACK PSH URGP=0
Apr 13 20:22:16 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=58 ID=36442 DF PROTO=TCP SPT=56700 DPT=56820 SEQ=140599515 ACK=10198773 WINDOW=38592 RES=0x00 ACK PSH URGP=0
Apr 13 20:22:17 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=58 ID=40094 DF PROTO=TCP SPT=56700 DPT=65131 SEQ=2780273083 ACK=4142137 WINDOW=65392 RES=0x00 ACK PSH URGP=0

As you noted, this is a packet from the LIFX Cloud server to your light bulbs. They’re getting listed as INVALID by an iptables-based firewall on your Linux-based firewall device. Invalid in this case probably means: “Invalid with respect to connection tracking”. Your router/firewall likely does some form of NAT, and thus has to track connections.

Most times we see these it is because either the firewall recently rebooted and has lost the state of all the connections in progress, or the firewall is not able to handle the number of connections it is being made to deal with.

To investigate further I’ll need samples of these packets and details of your firewall device’s make and model. Hopefully your firewall provides a method for capturing packets.
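An added example, not part of the original thread: a small Python triage of the iptables LOG lines above that groups dropped packets by flow and SEQ/ACK to separate distinct connections from retransmissions of the same segment. The function names are illustrative, and the sample is five lines copied from the posted log.

```python
from collections import defaultdict

# Five lines copied from the log in the post above (IP and MAC already masked by the poster).
SAMPLE = """\
Apr 13 20:22:10 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=58 ID=36439 DF PROTO=TCP SPT=56700 DPT=56820 SEQ=140599515 ACK=10198773 WINDOW=38592 RES=0x00 ACK PSH URGP=0
Apr 13 20:22:11 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=58 ID=47838 DF PROTO=TCP SPT=56700 DPT=54251 SEQ=32565713 ACK=10296334 WINDOW=65392 RES=0x00 ACK PSH URGP=0
Apr 13 20:22:11 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=58 ID=36440 DF PROTO=TCP SPT=56700 DPT=56820 SEQ=140599515 ACK=10198773 WINDOW=38592 RES=0x00 ACK PSH URGP=0
Apr 13 20:22:13 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=58 ID=36441 DF PROTO=TCP SPT=56700 DPT=56820 SEQ=140599515 ACK=10198773 WINDOW=38592 RES=0x00 ACK PSH URGP=0
Apr 13 20:22:15 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=MY:RO:UT:ER:SM:AC SRC=146.148.44.137 DST=M.Y.I.P LEN=141 TOS=0x00 PREC=0x00 TTL=58 ID=40091 DF PROTO=TCP SPT=56700 DPT=65131 SEQ=2780273083 ACK=4142137 WINDOW=65392 RES=0x00 ACK PSH URGP=0
"""

def parse(line):
    """Split one iptables LOG line into time, KEY=VALUE fields and bare flags (DF, ACK, PSH)."""
    head, _, body = line.partition("] ")          # drop syslog header and log prefix
    tokens = body.split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    flags = {t for t in tokens if "=" not in t}   # bare tokens are IP/TCP flags
    return {"time": head[7:15], "fields": fields, "flags": flags}

def summarize(lines):
    """Count dropped TCP packets, distinct flows, and how many carried SYN."""
    parsed = [parse(l) for l in lines if "PROTO=TCP" in l]
    flows = {(p["fields"]["SPT"], p["fields"]["DPT"]) for p in parsed}
    syn = sum("SYN" in p["flags"] for p in parsed)
    return {"packets": len(parsed), "flows": len(flows), "syn": syn}

def retransmissions(lines):
    """Same flow with identical SEQ/ACK seen more than once: the sender is resending one segment."""
    groups = defaultdict(list)
    for line in lines:
        if "PROTO=TCP" not in line:
            continue
        p = parse(line)
        f = p["fields"]
        key = (f["SRC"], f["SPT"], f["DPT"], f["SEQ"], f["ACK"])
        groups[key].append((p["time"], int(f["ID"])))   # IP ID changes on each resend
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
    for key, hits in retransmissions(SAMPLE.splitlines()).items():
        print("DPT", key[2], "SEQ", key[3], "->", hits)
```

On this sample no dropped packet carries SYN, and the DPT=56820 segment repeats with the same SEQ/ACK and a new IP ID each time, so part of the log volume is the server resending data that the firewall keeps dropping on connections already in progress.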