Network Protection: Firewall, NAT, QoS, & IPS 'Any -> Any -> Any' and we still see "Default Drop"???

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 5 replies
Subscribers 2 subscribers
Views 2679 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

'Any -> Any -> Any' and we still see "Default Drop"???

BAlfson over 16 years ago

I never tried this before, opening everything and logging traffic then looking at the packet filter log. How can ANYTHING get default dropped?

This thread was automatically locked due to age.

0 Marcel_Germany over 16 years ago

This is a security matter ... Any -> Any -> Any would disable security at all. So this turns to a drop all rule.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 16 years ago in reply to Marcel_Germany

No, most everything gets through
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 16 years ago in reply to BAlfson

many of the drops are NETBIOS LS (TCP/UDP 135)
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 16 years ago in reply to BAlfson

Packets hitting the Network or Broadcast addresses don't get covered by a ANY rule.
You'd need another rule to Allow them (although there's not point unless you're bridging) or Drop them with or without logging.

Normally I drop internal broadcasts without logging.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 16 years ago in reply to BarryG

These were coming from the outside and hitting external IPs.

Ohhh, wait a minute. Those were to Additional Addresses on ports NOT relayed by my DNAT rule; of course they were dropped - where was the poor firewall gonna send those messages anyway?

Pay no attention to the man behind the curtain!*

Cheers - Bob
*A "Wizard of Oz" reference.
Cancel
Vote Up 0 Vote Down

Cancel