Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 2689 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

'Any -> Any -> Any' and we still see "Default Drop"???

BAlfson
I never tried this before, opening everything and logging traffic then looking at the packet filter log.  How can ANYTHING get default dropped?


This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to BAlfson
    Packets hitting the Network or Broadcast addresses don't get covered by a ANY rule.
    You'd need another rule to Allow them (although there's not point unless you're bridging) or Drop them with or without logging.

    Normally I drop internal broadcasts without logging.

    Barry
Children
  • 0 in reply to BarryG
    These were coming from the outside and hitting external IPs.

    Ohhh, wait a minute.  Those were to Additional Addresses on ports NOT relayed by my DNAT rule; of course they were dropped - where was the poor firewall gonna send those messages anyway?

    Pay no attention to the man behind the curtain!*

    Cheers - Bob
    *A "Wizard of Oz" reference.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Cookie Information Banner