
Disable rule_id 0

Is this possible?  I have media capture devices on my network that try to communicate on 443 to the cloud, but since they use 443 and it is not HTTPS traffic by definition, it is being denied.

In another post I also have DHCP issues cropping up due to the rule.

Is it possible to disable it without using raw iptables commands after boot?

Thanks!

Greg



  • Hi,

    that is the default drop rule, so disabling that rule is not a good idea.

    You could (or maybe you already have) try a rule: source LAN, network device IP; destination WAN, any, HTTPS, without scanning enabled. The rule would need to be near the top of your rule list.

    Ian

  • Hmmm, if it was the default DROP rule, no traffic would get past as it is @ the top.  It happens to be the default rule for what Sophos deems inappropriate to pass through by default, but the default drop rule is after all other accepts are allowed (how iptables works).

    *edit*

    Well, looking deeper, they DROP by default and allow by exception.  Also, they write a lot of their own xt modules (I cannot find them in the kernel anyhow), so changing individual lines becomes nearly impossible when they pass the entire packet to the module and the module acts on it.  Oh well.  Like I was saying, I can learn to live with it if editing is not possible.  I have not yet started using the filtering or inspections, but so far I like it nonetheless.

    I can slice and dice it, but was hoping to be able to disable the rules that are giving me grief without disabling the entire rule.

    One will be fixed by another vendor, and I can change my habits of admin access from over 25 years doing this, but that is hard :)

    Thanks!

    -Greg

  • Hi Greg,

    there is no need to change the default rule when you can create your own rule to allow the specific traffic out.

    Ian

  • My main issue is that it is denying DHCP due to the same UDP packet hitting 2 interfaces (bug in the switch I bought) - I would not know how to allow that unless a simple allow on 67 and 68 would bypass it?  I can try that tomorrow night and see if it goes through.  Like I mentioned, I already have a solution for the Admin access - just re-teching an old mind :)

    Thanks again.

  • Again, you can create rules to allow traffic to hit one interface or to block one interface; allowing is more consistent.

    Ian
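As an added illustration (not from this thread and not Sophos code), the following Python first-match policy simulator covers both of Ian's suggestions: a dedicated allow for the camera devices placed above the scanned web rule, and a DHCP allow tied to a single interface so the duplicate copy arriving on the second interface falls through to the default drop. Zone names, interface names and addresses are constructed, and "HTTPS scanning" is modelled as a simplification: an allow rule with scanning enabled treats a non-TLS payload on a port it owns as a drop, which is the behaviour the original post reports.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """One packet as the policy engine sees it (constructed test data below)."""
    src_zone: str
    src_ip: str
    dst_zone: str
    proto: str          # "tcp" or "udp"
    dst_port: int
    in_iface: str       # interface the packet arrived on
    tls: bool = True    # False models the cameras' non-TLS traffic on 443


@dataclass(frozen=True)
class Rule:
    """A firewall rule; None fields are wildcards, set fields must all agree."""
    name: str
    action: str         # "allow" or "drop"
    src_zone: Optional[str] = None
    src_ips: Optional[FrozenSet[str]] = None
    dst_zone: Optional[str] = None
    proto: Optional[str] = None
    dst_ports: Optional[FrozenSet[int]] = None
    in_iface: Optional[str] = None
    scan: bool = False  # "HTTPS scanning": the rule insists on real TLS

    def matches(self, pkt: Packet) -> bool:
        scalar_checks = (
            (self.src_zone, pkt.src_zone),
            (self.dst_zone, pkt.dst_zone),
            (self.proto, pkt.proto),
            (self.in_iface, pkt.in_iface),
        )
        if any(want is not None and want != got for want, got in scalar_checks):
            return False
        if self.src_ips is not None and pkt.src_ip not in self.src_ips:
            return False
        if self.dst_ports is not None and pkt.dst_port not in self.dst_ports:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First-match evaluation, top to bottom; returns (action, rule name)."""
    for rule in rules:
        if not rule.matches(pkt):
            continue
        if rule.action == "allow" and rule.scan and not pkt.tls:
            # Assumed simplification: a scanning allow rule rejects payloads
            # that are not TLS, which is the drop the original post reports.
            return ("drop", rule.name)
        return (rule.action, rule.name)
    return ("drop", "implicit-drop")   # reached only if no catch-all exists


# Constructed addresses for the media capture devices.
CAMERAS = frozenset({"192.168.10.21", "192.168.10.22"})


def build_policy(camera_rule_on_top: bool) -> List[Rule]:
    """Build the rule list, with the camera exception above or below the web rule."""
    camera_out = Rule("cameras-out-443-noscan", "allow", src_zone="LAN", src_ips=CAMERAS,
                      dst_zone="WAN", proto="tcp", dst_ports=frozenset({443}), scan=False)
    web_out = Rule("web-out-scanned", "allow", src_zone="LAN", dst_zone="WAN",
                   proto="tcp", dst_ports=frozenset({80, 443}), scan=True)
    # DHCP is allowed only on the interface it is meant to arrive on (eth1);
    # the duplicate copy arriving on eth2 falls through to the default drop.
    dhcp_eth1 = Rule("dhcp-on-eth1", "allow", proto="udp",
                     dst_ports=frozenset({67, 68}), in_iface="eth1")
    default_drop = Rule("default-drop", "drop")   # the catch-all at the bottom
    rules = [dhcp_eth1, web_out, default_drop]
    rules.insert(0 if camera_rule_on_top else 2, camera_out)
    return rules


if __name__ == "__main__":
    camera = Packet("LAN", "192.168.10.21", "WAN", "tcp", 443, "eth1", tls=False)
    dhcp_dup = Packet("LAN", "0.0.0.0", "LAN", "udp", 67, "eth2", tls=False)
    for on_top in (True, False):
        print("camera rule on top" if on_top else "camera rule below web rule",
              "->", evaluate(build_policy(on_top), camera))
    print("DHCP duplicate on eth2 ->", evaluate(build_policy(True), dhcp_dup))
```

Running it shows why rule order matters: with the camera exception below the scanned web rule, the web rule matches first and its scanning refuses the non-TLS payload, so the cameras are still dropped even though an allow for them exists further down. Ordinary TLS clients keep hitting the scanned rule either way, and the DHCP copy on the unintended interface never reaches an allow.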
