 From:  "Brett J. Carpenter" <Brett dot Carpenter at lehigh dot edu>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] pb22r566 : No effect of 'Disabled Log blocked packets by default' + other question
 Date:  Mon, 19 Jan 2004 14:55:41 -0500
Thanks to all for replying,
Your suggestion is good for the interim and I had considered doing this, but it
seems that this might be a bug and I wanted to help make the system as
straightforward to operate as possible. I would agree that showing the default block
rule would be good for new users. However, if a rule has logging off and it is
still logged, this would seem to be counterintuitive.

Brett Carpenter

Quoting Jorgen Norrman <jurg at home dot se>:

> Put a last rule that will block everything with logging on. And make 
> sure that the default logging is off.
> /jn
> 
> Brett J. Carpenter wrote:
> 
> >I have been having this problem for some time (3 months) now and was hoping the
> >next update would fix it.
> >I use a remote syslog server and would like to log most of the denied traffic to
> >the WAN interface however I would like not to log much of the NetBIOS broadcast
> >traffic that often bounces around on the external subnet.
> >Here is the problem
> >
> >Scenario 1
> >- I create a filter rule to deny TCP/UDP 135-139 with any source and any dest
> >  and leave the option to "Log packets that are handled by this rule" unchecked
> >- I ensure that "Log blocked packets by default" is selected so that all other
> >  packets will be logged
> >
> >Result -> All packets are logged regardless of state of "Log packets that are
> >          handled by this rule"
> >
> >Scenario 2
> >- I create a filter rule to deny TCP/UDP 135-139 with any source and any dest
> >  and Check "Log packets that are handled by this rule"
> >- I ensure that "Log blocked packets by default" is NOT selected
> >
> >Result -> ONLY packets caught by the rule with logging active are
> >          displayed (this seems correct and intuitive but not what I want)
> >
> >
> >I would like to log everything caught by the default group block all rule but
> >not log those packets dropped by rules with "Log packets that are handled by
> >this rule" deselected. This would seem to be a common need as you might want to
> >not log the uninteresting stuff. Hope you can tell me where I went wrong or if I
> >am misunderstanding something.
> >
> >Brett Carpenter
> >
> >>It does not bother me..., but really thank you for your quick answer.
> >>You know what service and support mean, and it's really great.
> >>You are definitively much better than professional sorcery.
> >>
> >>Thank you for your work.
> >>
> >>Thierry L. (France)
> >>
> >>----- Original Message -----
> >>From: "Manuel Kasper" <mk at neon1 dot net>
> >>To: "T. Lechat" <m0n0wall at lechat dot org>
> >>Cc: <m0n0wall at lists dot m0n0 dot ch>
> >>Sent: Sunday, December 14, 2003 10:49 AM
> >>Subject: Re: [m0n0wall] pb22r566 : No effect of 'Disabled Log blocked
> >>packets by default' + other question
> >>
> >>>T. Lechat said:
> >>>>1) I have just updated to pb22r566 from pb21 : It Seems that 'Disabled Log
> >>>>blocked packets by default' doesn't have any effect. m0n0wall continues to
> >>>>log default packet (after reboot too). I disabled too all log for all my
> >>>>rules. Maybe I've missed something else ?
> >>>
> >>>Nope, I forgot that some (but not all) of the implicit block rules that
> >>>are installed automatically by the filter rule generator still have the
> >>>'log' keyword set. If it bothers you, use the attached patch against
> >>>filter.inc. It will be fixed in the next release.
> >>>
> >>>- Manuel
> >>>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >-------------------------------------------------
> >This mail sent through IMP: http://horde.org/imp/
> 
> 

----- End forwarded message -----