Thanks to all for replying,

Your suggestion is good for the interim and I had considered doing this, but it
seems that this might be a bug and I wanted to help make the system as
straightforward to operate as possible. I would agree that showing the default
block rule would be good for new users. However, if a rule has logging off and
it is still logged, this would seem to be counterintuitive.

Brett Carpenter

Quoting Jorgen Norrman <jurg at home dot se>:

> Put a last rule that will block everything with logging on. And make
> sure that the default logging is off.
> /jn
>
> Brett J. Carpenter wrote:
>
> >I have been having this problem for some time (3 months) now and was hoping the
> >next update would fix it.
> >I use a remote syslog server and would like to log most of the denied traffic to
> >the WAN interface however I would like not to log much of the NetBIOS broadcast
> >traffic that often bounces around on the external subnet.
> >Here is the problem
> >
> >Scenario 1
> >- I create a filter rule to deny TCP/UDP 135-139 with any source and any dest
> >  and leave the option to "Log packets that are handled by this rule" unchecked
> >- I ensure that "Log blocked packets by default" is selected so that all other
> >  packets will be logged
> >
> >Result -> All packets are logged regardless of state of "Log packets that are
> >          handled by this rule"
> >
> >Scenario 2
> >- I create a filter rule to deny TCP/UDP 135-139 with any source and any dest
> >  and Check "Log packets that are handled by this rule"
> >- I ensure that "Log blocked packets by default" is NOT selected
> >
> >Result -> ONLY packets caught by the rule with logging active are
> >          displayed (this seems correct and intuitive but not what I want)
> >
> >
> >I would like to log everything caught by the default group block all rule but
> >not log those packets dropped by rules with "Log packets that are handled by
> >this rule" deselected.
> >This would seem to be a common need as you might want to
> >not log the uninteresting stuff. Hope you can tell me where I went wrong or if I
> >am misunderstanding something.
> >
> >Brett Carpenter
> >
> >>It does not bother me..., but really thank you for your quick answer.
> >>You know what means service and support and it's really great.
> >>You are definitively much better than professional sorcery.
> >>
> >>Thank you for your works.
> >>
> >>Thierry L. (France)
> >>
> >>----- Original Message -----
> >>From: "Manuel Kasper" <mk at neon1 dot net>
> >>To: "T. Lechat" <m0n0wall at lechat dot org>
> >>Cc: <m0n0wall at lists dot m0n0 dot ch>
> >>Sent: Sunday, December 14, 2003 10:49 AM
> >>Subject: Re: [m0n0wall] pb22r566 : No effect of 'Disabled Log blocked
> >>packets by default' + other question
> >>
> >>>T. Lechat said:
> >>>
> >>>>1) I have just updated to pb22r566 from pb21 : It Seems that 'Disabled Log
> >>>>blocked packets by default' doesn't have any effect. m0n0wall continues to
> >>>>log default packet (after reboot too). I disabled too all log for all my
> >>>>rules. Maybe I've missed something else ?
> >>>>
> >>>Nope, I forgot that some (but not all) of the implicit block rules that
> >>>are installed automatically by the filter rule generator still have the
> >>>'log' keyword set. If it bothers you, use the attached patch against
> >>>filter.inc. It will be fixed in the next release.
> >>>
> >>>- Manuel
> >>>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >-------------------------------------------------
> >This mail sent through IMP: http://horde.org/imp/

----- End forwarded message -----