default forward rule drop not working

Forums Network Management ZeroShell default forward rule drop not working

  • This topic is empty.
Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • March 30, 2008 at 10:37 pm #40968
    m4him
    Member

    I have eth1 on public
    eht0 private
    default rule allow
    I set forward to reject level 7 http
    http is rejected
    I set forward rule to accept level 7 http
    http flows
    I set forward default rule to drop
    http stops working.

    I did all of the above several times to confirm and also repeated using port 80 instead of level 7 http with the same results

    Why, when I have forward default rule to drop does the
    level 7 http not work when the rule is set to accept?

    March 31, 2008 at 8:27 pm #46317
    imported_fulvio
    Participant

    L7 filters use connection tracking to classify the traffic and usually need more than one packet to recognize the protocol. For this reason you should not use a Layer 7 filter with the target ACCEPT if the default policy is DROP. In other words, L7 filter work better in QoS classification than in firewall rules.

    Regards
    Fulvio

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.