
Disable rule_id 0

Is this possible? I have media capture devices on my network that try to communicate on 443 to the cloud, but since they use 443 and it is not HTTPS traffic by definition, it is being denied.

In another post I also have DHCP issues cropping up due to the rule.

Is it possible to disable it without using raw iptables commands after boot?

Thanks!

Greg



  • Hi,

    that is the default drop rule, so disabling that rule is not a good idea.

    You could try (or maybe you already have) a rule with source LAN / network device IP, destination WAN / any, HTTPS, without scanning enabled. The rule would need to be near the top of your rule list.

    Ian

  • Hmmm, if it were the default DROP rule, no traffic would get past, as it is at the top. It happens to be the default rule for what Sophos deems inappropriate to pass through by default, but the default drop rule comes after all other accepts are allowed (how iptables works).

    *edit*

    Well, looking deeper, they DROP by default and allow by exception. Also, they write a lot of their own xt modules (I cannot find them in the kernel anyhow), so changing individual lines becomes nearly impossible when they pass the entire packet to the module and the module acts on it. Oh well. Like I was saying, I can learn to live with it if editing is not possible. I have not yet started using the filtering or inspections, but so far I like it nonetheless.

    I can slice and dice it, but was hoping to be able to disable the rules that are giving me grief without disabling the entire rule.

    One will be fixed by another vendor, and I can change my habits of admin access from over 25 years doing this, but that is hard :)

    Thanks!

    -Greg
