
'Any -> Any -> Any' and we still see "Default Drop"???

I never tried this before, opening everything and logging traffic then looking at the packet filter log.  How can ANYTHING get default dropped?


  • This is a security matter ... Any -> Any -> Any would disable security at all. So this turns to a drop all rule.
  • No, most everything gets through
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • many of the drops are NETBIOS LS (TCP/UDP 135)
  • Packets hitting the Network or Broadcast addresses don't get covered by a ANY rule.
    You'd need another rule to Allow them (although there's no point unless you're bridging) or Drop them with or without logging.

    Normally I drop internal broadcasts without logging.

    Barry
  • These were coming from the outside and hitting external IPs.

    Ohhh, wait a minute.  Those were to Additional Addresses on ports NOT relayed by my DNAT rule; of course they were dropped - where was the poor firewall gonna send those messages anyway?

    Pay no attention to the man behind the curtain!*

    Cheers - Bob
    *A "Wizard of Oz" reference.
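The two explanations given in this thread (drops to network/broadcast addresses, and drops to Additional Addresses on ports no DNAT rule relays) can be turned into a quick triage script for the packet filter log. The code below is an added example, not code from the thread or from Sophos; the log lines are constructed to mimic the UTM key="value" packetfilter format, and the local subnet, additional address and DNAT table are assumptions standing in for a real configuration.

```python
import ipaddress
import re
from collections import Counter

# Assumed configuration (replace with your own interface subnets, Additional
# Addresses and DNAT rules). DNAT_RULES holds (additional address, IP proto, port)
# tuples that a DNAT rule actually forwards somewhere.
LOCAL_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]
ADDITIONAL_ADDRESSES = {"203.0.113.11"}
DNAT_RULES = {("203.0.113.11", 6, 443)}

# Constructed sample lines in the UTM key="value" packetfilter log style.
SAMPLE_LOG = """\
2015:03:26-10:01:02 utm ulogd[4712]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" initf="eth1" srcip="198.51.100.7" dstip="203.0.113.11" proto="6" srcport="51234" dstport="135" tcpflags="SYN"
2015:03:26-10:01:03 utm ulogd[4712]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" initf="eth0" srcip="192.168.1.20" dstip="192.168.1.255" proto="17" srcport="137" dstport="137"
2015:03:26-10:01:04 utm ulogd[4712]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" initf="eth1" srcip="198.51.100.9" dstip="203.0.113.11" proto="6" srcport="40000" dstport="443" tcpflags="SYN"
2015:03:26-10:01:05 utm ulogd[4712]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" initf="eth1" srcip="198.51.100.9" dstip="203.0.113.10" proto="6" srcport="40001" dstport="22" tcpflags="SYN"
"""

KV_RE = re.compile(r'(\w+)="([^"]*)"')

BROADCAST = "broadcast/network address (not covered by Any rule)"
NO_DNAT = "additional address, no DNAT for this port (expected default drop)"
DNAT_PRESENT = "additional address, DNAT exists (investigate)"
OTHER = "other"


def parse_line(line):
    """Turn one key="value" log line into a dict of its fields."""
    return dict(KV_RE.findall(line))


def classify(rec):
    """Explain why a dropped packet was not matched by an Any -> Any -> Any rule."""
    if rec.get("action") != "drop":
        return None
    dst = ipaddress.ip_address(rec["dstip"])
    proto = int(rec["proto"])
    port = int(rec.get("dstport", 0))  # ICMP has no port field
    # Case 1: network or broadcast address of a local subnet.
    for net in LOCAL_NETWORKS:
        if dst in (net.network_address, net.broadcast_address):
            return BROADCAST
    # Case 2: an Additional Address; only DNAT-relayed ports have anywhere to go.
    if str(dst) in ADDITIONAL_ADDRESSES:
        if (str(dst), proto, port) in DNAT_RULES:
            return DNAT_PRESENT
        return NO_DNAT
    return OTHER


def triage(log_text):
    """Count drop reasons across a packetfilter log; returns a Counter."""
    counts = Counter()
    for line in log_text.splitlines():
        reason = classify(parse_line(line))
        if reason is not None:
            counts[reason] += 1
    return counts


if __name__ == "__main__":
    for reason, n in triage(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {reason}")
```

Anything that lands in the "investigate" bucket means a DNAT rule exists for that address and port yet the packet was still dropped, which is the one case the thread's explanations do not cover; the "other" bucket is the residue to look at next.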