Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 7045 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Default drop rule hit although reject rule has been activated

asc
Hi,

I recently added a ANY-ANY-ANY-REJECT rule at the bottom (no. 47) of my firewall rules, because I want to reject any traffic that's not allowed instead of silently dropping it.

Unfortunately, this new (and activated) rule does not get hit, but the default drop rule gets hit instead.

2015:10:15-08:26:13 m-2 ulogd[21014]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" srcmac="a:b:c[:D]" dstmac="a:b:c[:D]" srcip="x.x.x.x" dstip="y.y.y.y" proto="6" length="60" tos="0x10" prec="0x00" ttl="56" srcport="53704" dstport="23456" tcpflags="SYN" 
2015:10:15-08:26:13 m-2 ulogd[21014]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" 

I'm running release 9.315-2.

Can anyone explain this behavior?

asc


This thread was automatically locked due to age.
Parents
  • 0
    fwrule="60001" - What happens if you change the traffic selector to 'Internet -> Any -> External (Address)'?

    Cheers - Bob
  • 0 in reply to BAlfson
    Hey Bob,

    that works! [:)] Connection requests are instantly rejected:

    2015:10:16-16:46:14 m-2 ulogd[9733]: id="2003" severity="info" sys="SecureNet" sub="packetfilter" name="Packet rejected" action="reject" fwrule="47" initf="eth1" srcmac="a:a:a:a:a:a" dstmac="b:b:b:b:b:b" srcip="x.x.x.x" dstip="y.y.y.y" proto="6" length="60" tos="0x10" prec="0x00" ttl="54" srcport="56440" dstport="12345" tcpflags="SYN" 

    Isn't that a strange behavior?

    I would have assumed that ANY-ANY-ANY catched everything down there....

    Thanks for the tip!
    Alex
Reply
  • 0 in reply to BAlfson
    Hey Bob,

    that works! [:)] Connection requests are instantly rejected:

    2015:10:16-16:46:14 m-2 ulogd[9733]: id="2003" severity="info" sys="SecureNet" sub="packetfilter" name="Packet rejected" action="reject" fwrule="47" initf="eth1" srcmac="a:a:a:a:a:a" dstmac="b:b:b:b:b:b" srcip="x.x.x.x" dstip="y.y.y.y" proto="6" length="60" tos="0x10" prec="0x00" ttl="54" srcport="56440" dstport="12345" tcpflags="SYN" 

    Isn't that a strange behavior?

    I would have assumed that ANY-ANY-ANY catched everything down there....

    Thanks for the tip!
    Alex
Children
No Data