This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Default drop although last rule is "reject any any any"

Title says it all:
Although I have a rule "reject from any to any using any service" at the bottom, I still see "DEFAULT DROP" entries in the live firewall log. Why is that?
UTM 9 Essential edition, so no IDS or Threat detection or whatever active.

This thread was automatically locked due to age.

Parents

0 BarryG over 11 years ago

Hi Chris,

1. you can see all of the rule via the command-line:
iptables -n -L

2. in case it wasn't clear; the ANY network defintion does not include the UTM's interfaces nor the Network and Broadcast addresses.

I would include those (INT or EXT Address, INT or EXT Broadcast) in your REJECT rule if that's what you want.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 11 years ago

Hi Chris,

1. you can see all of the rule via the command-line:
iptables -n -L

2. in case it wasn't clear; the ANY network defintion does not include the UTM's interfaces nor the Network and Broadcast addresses.

I would include those (INT or EXT Address, INT or EXT Broadcast) in your REJECT rule if that's what you want.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data