 
 From:  Jorgen Norrman <jurg at home dot se>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  [Fwd: Re: [m0n0wall] pb22r566 : No effect of 'Disabled Log blocked packets by default' + other question]
 Date:  Mon, 19 Jan 2004 12:25:50 +0100
Put a last rule that will block everything with logging on. And make 
sure that the default logging is off.
/jn

Brett J. Carpenter wrote:

>I have been having this problem for some time (3 months) now and was hoping the
>next update would fix it.
>I use a remote syslog server and would like to log most of the denied traffic to
>the WAN interface however I would like not to log much of the NetBIOS broadcast
>traffic that often bounces around on the external subnet.
>Here is the problem
>
>Scenario 1
>- I create a filter rule to deny TCP/UDP 135-139 with any source and any dest     
>  and leave the option to "Log packets that are handled by this rule" unchecked
>- I ensure that "Log blocked packets by default" is selected so that all other 
>  packets will be logged 
>
>Result -> All packets are logged regardless of state of "Log packets that are 
>          handled by this rule"
>
>Scenario 2
>- I create a filter rule to deny TCP/UDP 135-139 with any source and any dest   
>  and Check "Log packets that are handled by this rule" 
>- I ensure that "Log blocked packets by default" is NOT selected
>
>Result -> ONLY packets caught by the rule with logging active are  
>          displayed (this seems correct and intuitive but not what I want)
>
>
>I would like to log everything caught by the default group block all rule but
>not log those packets dropped by rules with "Log packets that are handled by
>this rule" deselected. This would seem to be a common need as you might want to
>not log the uninteresting stuff. Hope you can tell me where I went wrong or if I
>am misunderstanding something. 
>
>Brett Carpenter
>
>  
>
>>It does not bother me..., but really thank you for your quick answer.
>>You know what service and support mean and it's really great.
>>You are definitely much better than professional sorcery.
>>
>>Thank you for your work.
>>
>>Thierry L. (France)
>>
>>
>>
>>
>>----- Original Message -----
>>From: "Manuel Kasper" 
>>To: "T. Lechat" 
>>Cc: 
>>Sent: Sunday, December 14, 2003 10:49 AM
>>Subject: Re: [m0n0wall] pb22r566 : No effect of 'Disabled Log blocked
>>packets by default' + other question
>>
>>
>>    
>>
>>>T. Lechat said:
>>>
>>>>1) I have just updated to pb22r566 from pb21 : It Seems that 'Disabled Log
>>>>blocked packets by default' doesn't have any effect. m0n0wall continues to
>>>>log default packet (after reboot too). I disabled too all log for all my
>>>>rules. Maybe I've missed something else ?
>>>>
>>>Nope, I forgot that some (but not all) of the implicit block rules that
>>>are installed automatically by the filter rule generator still have the
>>>'log' keyword set. If it bothers you, use the attached patch against
>>>filter.inc. It will be fixed in the next release.
>>>
>>>- Manuel
>>>      
>>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>    
>>
>
>-------------------------------------------------
>This mail sent through IMP: http://horde.org/imp/
>
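
A small model of the workaround suggested in this thread, added here as an illustration and not code from m0n0wall or from any poster. It assumes first-match rule evaluation and matches on destination port only; `Rule`, `evaluate`, `logged_ports` and the sample ports are constructed for the example. It shows which blocked packets reach the log and why the logging catch-all has to be the last rule.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str             # "block" or "pass"
    ports: Optional[range]  # destination ports matched; None means any port
    log: bool               # "Log packets that are handled by this rule"


def evaluate(rules: List[Rule], default_log: bool, dst_port: int) -> Tuple[str, bool]:
    """Return (action, logged) for one inbound packet; the first matching rule wins."""
    for rule in rules:
        if rule.ports is None or dst_port in rule.ports:
            return rule.action, rule.log
    # No user rule matched: the implicit default block applies, and whether it
    # logs is governed by "Log blocked packets by default".
    return "block", default_log


def logged_ports(rules: List[Rule], default_log: bool, packets: List[int]) -> List[int]:
    """Destination ports of the packets that would produce a log entry."""
    return [p for p in packets if evaluate(rules, default_log, p)[1]]


# Silent drop for the NetBIOS range 135-139 (range() excludes its upper bound).
NETBIOS_QUIET = Rule("block", range(135, 140), log=False)
# Explicit final rule: block everything else, with logging on.
CATCH_ALL_LOGGED = Rule("block", None, log=True)

# Constructed sample traffic (destination ports only).
SAMPLE = [137, 138, 22, 445, 139, 3389]

SUGGESTED = [NETBIOS_QUIET, CATCH_ALL_LOGGED]   # catch-all last, default logging off
MISORDERED = [CATCH_ALL_LOGGED, NETBIOS_QUIET]  # catch-all first shadows the quiet rule

if __name__ == "__main__":
    print("suggested :", logged_ports(SUGGESTED, False, SAMPLE))
    print("misordered:", logged_ports(MISORDERED, False, SAMPLE))
```

With the catch-all last and default logging off, only the non-NetBIOS drops are logged; with the catch-all first, every packet is logged because the quiet rule is never reached.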