[ previous ] [ next ] [ threads ]
 
 From:  Ian Cartwright <ian351c at cox dot net>
 To:  Jorgen Norrman <jurg at home dot se>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [Fwd: Re: [m0n0wall] pb22r566 : No effect of 'Disabled Log blocked packets by default' + other question]
 Date:  Mon, 19 Jan 2004 07:16:02 -0700
All,

This should work nicely. I think it points out how much more intuitive
m0n0wall would feel to (especially new) users if all of the "default"
rules were visible in the rule page even if they are not editable there.
By default rules, I mean all of the rules set up in /etc/inc/*.

Just my $0.02

Ian

On Mon, 2004-01-19 at 04:25, Jorgen Norrman wrote:
> Put a last rule that vill block everything with logging on. And make 
> sure that the defult logging is off.
> /jn
> 
> Brett J. Carpenter wrote:
> 
> >I have been having this problem for some time (3 months) now and was hoping the
> >next update would fix it.
> >I use a remote syslog server and would like to log most of the denied traffic to
> >the WAN interface however I would like not to log much of the NetBIOS broadcast
> >traffic that often bounces around on the external subnet.
> >Here is the problem
> >
> >Scenario 1
> >- I create a filter rule to deny TCP/UDP 135-139 with any source and any dest     
> >  and leave the option to "Log packets that are handled by this rule" unchecked
> >- I ensure that "Log blocked packets by default" is selected so that all other 
> >  packets will be logged 
> >
> >Result -> All packets are logged regardless of state of "Log packets that are 
> >          handled by this rule"
> >
> >Scenario 2
> >- I create a filter rule to deny TCP/UDP 135-139 with any source and any dest   
> >  and Check "Log packets that are handled by this rule" 
> >- I ensure that "Log blocked packets by default" is NOT selected
> >
> >Result -> ONLY packets caught by the rule with logging active are  
> >          displayed (this seems correct and intutive but not what I want)
> >
> >
> >I would like to log everything caught by the default group block all rule but
> >not log thoes packets dropped by rules with "Log packets that are handled by
> >this rule" deselected. This would seem to be a common need as you might want to
> >not log the uninstresting stuff. Hope you can tell me where I went wrong or if I
> >am misunderstanding somthing. 
> >
> >Brett Carpenter
> >
> >  
> >
> >>It does not bothers me..., but really thank you for your quick answer.
> >>You know what means service and support and it's really great.
> >>You are definitively much better than professional sorcery .
> >>
> >>Thank you for your works.
> >>
> >>Thierry L. (France)
> >>
> >>
> >>
> >>
> >>----- Original Message -----
> >>From: "Manuel Kasper" 
> >>To: "T. Lechat" 
> >>Cc: 
> >>Sent: Sunday, December 14, 2003 10:49 AM
> >>Subject: Re: [m0n0wall] pb22r566 : No effect of 'Disabled Log blocked
> >>packets by default' + other question
> >>
> >>
> >>    
> >>
> >>>T. Lechat said:
> >>>      
> >>>
> >>>>1) I have just updated to pb22r566 from pb21 : It Seems that 'Disabled
> >>>>        
> >>>>
> >>Log
> >>    
> >>
> >>>>blocked packets by default' doesn't have any effect. m0n0wall continues
> >>>>        
> >>>>
> >>to
> >>    
> >>
> >>>>log default packet (after reboot too). I disabled too all log for all my
> >>>>rules. Maybe I've missed something else ?
> >>>>        
> >>>>
> >>>Nope, I forgot that some (but not all) of the implicit block rules that
> >>>are installed automatically by the filter rule generator still have the
> >>>'log' keyword set. If it bothers you, use the attached patch against
> >>>filter.inc. It will be fixed in the next release.
> >>>
> >>>- Manuel
> >>>      
> >>>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >>
> >>    
> >>
> >
> >-------------------------------------------------
> >This mail sent through IMP: http://horde.org/imp/
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >
> >
> >  
> >
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>