This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

policy not work

Because our intranet have a lot of attack and ASL is busy to record these log, so ASL's CPU usage is full. I want to set any->any->any->drop under a policy that allow HTTP,SMTP,POP3 etc.But I found there are still a lot of drop log into live log, it means the drop policy don't work. If I set a policy to drop special ports such as 135,137,139 or 445 ports, it works. I don't know why, pls help me. [:S]

This thread was automatically locked due to age.

Parents

0 cyclops over 21 years ago

'ANY ANY ANY DROP' applies to the forwarding chain and this is why packets directed to the firewall interfaces are still being logged.

Test a rule like 'ANY ANY IP_of_FW', you should enable this for testing only. Better drop only those ports which appear in the log frequently.

Greetings
cyclops
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 cyclops over 21 years ago

'ANY ANY ANY DROP' applies to the forwarding chain and this is why packets directed to the firewall interfaces are still being logged.

Test a rule like 'ANY ANY IP_of_FW', you should enable this for testing only. Better drop only those ports which appear in the log frequently.

Greetings
cyclops
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data