Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 7043 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Default drop rule hit although reject rule has been activated

asc
Hi,

I recently added a ANY-ANY-ANY-REJECT rule at the bottom (no. 47) of my firewall rules, because I want to reject any traffic that's not allowed instead of silently dropping it.

Unfortunately, this new (and activated) rule does not get hit, but the default drop rule gets hit instead.

2015:10:15-08:26:13 m-2 ulogd[21014]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" srcmac="a:b:c[:D]" dstmac="a:b:c[:D]" srcip="x.x.x.x" dstip="y.y.y.y" proto="6" length="60" tos="0x10" prec="0x00" ttl="56" srcport="53704" dstport="23456" tcpflags="SYN" 
2015:10:15-08:26:13 m-2 ulogd[21014]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" 

I'm running release 9.315-2.

Can anyone explain this behavior?

asc


This thread was automatically locked due to age.
Parents
  • 0
    Alex,

    This is related to #4 in Rulz.  Look at the diagram at the bottom of that post.  You see that there are two chains, INPUT and FORWARD.  In order for a packet to be seen in the INPUT chain, you must have a destination in your traffic selector that is bound to the interface where the packet arrives. "Any" is not bound to any interface but "External (Address)" is bound to External.

    Cheers - Bob
Reply
  • 0
    Alex,

    This is related to #4 in Rulz.  Look at the diagram at the bottom of that post.  You see that there are two chains, INPUT and FORWARD.  In order for a packet to be seen in the INPUT chain, you must have a destination in your traffic selector that is bound to the interface where the packet arrives. "Any" is not bound to any interface but "External (Address)" is bound to External.

    Cheers - Bob
Children
No Data