This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can not DROP packeges!!!

Hi

I’m not able to DROP packages from the internal notwork. The messages are looking like this:

15:03:23 172.26.12.23 1030 ->  172.26.15.255 37 UDP
15:03:36 172.26.12.25 1030 ->  172.26.15.255 37 UDP
15:03:39 172.26.12.26 1030 ->  172.26.15.255 37 UDP
15:03:40 172.26.12.27 1030 ->  172.26.15.255 37 UDP
...

I did already the following:

1. Create a service WindowTime: Protocol UDP, S-Port 1030, D-Port 37
2. Create a network Broadcast 172.26.15.255, 255.255.255.255
3. Create a rule Internal_Network,  Windowtime, Broadcast, Drop

It doesn’t work. The messages are still popping up. What do I have to do?

I’m using Version 2.

This thread was automatically locked due to age.

0 tank over 23 years ago

Do you have any rules before this one that "ALLOW" the traffic? Trying making this rule the #1 rule.
Cancel
Vote Up 0 Vote Down

Cancel
0 oliver.desch over 23 years ago in reply to tank

FN-eagle,

best idea is to drop any kind of broadcasts,
they are not interesting in the firewall log!

Define
local-broadcast 172.26.15.255 255.255.255.255

do the same for worldwide broadcast
world-broadcast 255.255.255.255 255.255.255.255

Define a neworkgroup broadcast
put the two broadcast definitions into the group

Configure a packet filter
ANY ANY {broadcast} DROP
and move it on top

That's it
o|iver
Cancel
Vote Up 0 Vote Down

Cancel
0 biapar over 23 years ago in reply to oliver.desch

Which is the scope broadcast packets dropping? [:S]
Cancel
Vote Up 0 Vote Down

Cancel
0 FN-Eagle over 23 years ago in reply to biapar

Thanks for a quick answer, but unfortunately I’ve still problems. I did exactly that what you recommended but have still the same messages. The broadcasts to ports 137,138, 631 etc. are dropped but not to port 37. What is that???

[size="1"][ 15 July 2002, 13:24: Message edited by: FN-Eagle ][/size]
Cancel
Vote Up 0 Vote Down

Cancel