Default drop although last rule is "reject any any any"

Title says it all:
Although I have a rule "reject from any to any using any service" at the bottom, I still see "DEFAULT DROP" entries in the live firewall log. Why is that? 
UTM 9 Essential edition, so no IDS or Threat detection or whatever active.


This thread was automatically locked due to age.
  • 2014:09:23-09:09:49 H-GATE3 ulogd[4184]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:26:88:75:cb:a3" dstmac="0:50:56:0:40:5f" srcip="80.93.221.248" dstip="144.76.60.28" proto="6" length="40" tos="0x00" prec="0x00" ttl="45" srcport="59581" dstport="445" tcpflags="SYN" 

    Which is doubly annoying, because in addition to the "reject any and log" rule I also have a higher rule to drop all TCP/445 connection attempts silently to avoid filling up my logfiles.