 From:  "Brett J. Carpenter" <Brett dot Carpenter at lehigh dot edu>
 To:  "T. Lechat" <m0n0wall at lechat dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] pb22r566 : No effect of 'Disabled Log blocked packets by default' + other question
 Date:  Mon, 19 Jan 2004 00:58:57 -0500
I have been having this problem for some time (3 months) now and was hoping the
next update would fix it.
I use a remote syslog server and would like to log most of the denied traffic to
the WAN interface; however, I would like not to log much of the NetBIOS broadcast
traffic that often bounces around on the external subnet.
Here is the problem:

Scenario 1
- I create a filter rule to deny TCP/UDP 135-139 with any source and any dest     
  and leave the option to "Log packets that are handled by this rule" unchecked
- I ensure that "Log blocked packets by default" is selected so that all other 
  packets will be logged 

Result -> All packets are logged regardless of state of "Log packets that are 
          handled by this rule"

Scenario 2
- I create a filter rule to deny TCP/UDP 135-139 with any source and any dest
  and check "Log packets that are handled by this rule"
- I ensure that "Log blocked packets by default" is NOT selected

Result -> ONLY packets caught by the rule with logging active are
          displayed (this seems correct and intuitive but not what I want)


I would like to log everything caught by the default group block all rule but
not log those packets dropped by rules with "Log packets that are handled by
this rule" deselected. This would seem to be a common need as you might want to
not log the uninteresting stuff. Hope you can tell me where I went wrong or if I
am misunderstanding something.

Brett Carpenter

> It does not bother me..., but really thank you for your quick answer.
> You know what service and support mean and it's really great.
> You are definitely much better than professional sorcery.
> 
> Thank you for your work.
> 
> Thierry L. (France)
> 
> 
> 
> 
> ----- Original Message -----
> From: "Manuel Kasper" <mk at neon1 dot net>
> To: "T. Lechat" <m0n0wall at lechat dot org>
> Cc: <m0n0wall at lists dot m0n0 dot ch>
> Sent: Sunday, December 14, 2003 10:49 AM
> Subject: Re: [m0n0wall] pb22r566 : No effect of 'Disabled Log blocked packets by default' + other question
> 
> 
> > T. Lechat said:
> > > 1) I have just updated to pb22r566 from pb21: it seems that 'Disabled Log
> > > blocked packets by default' doesn't have any effect. m0n0wall continues to
> > > log default packets (after reboot too). I also disabled all logging for all
> > > my rules. Maybe I've missed something else?
> >
> > Nope, I forgot that some (but not all) of the implicit block rules that
> > are installed automatically by the filter rule generator still have the
> > 'log' keyword set. If it bothers you, use the attached patch against
> > filter.inc. It will be fixed in the next release.
> >
> > - Manuel
> 
> 