Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 40 subscribers
  • Views 3072 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New Drop all Rule in V 18

BeEf

I just noticed that Sophos added a (disabled) Drop All rule in V18. 




AFIK in V 17.5 you had to add this manually (Explicit Deny) and it was necessary to add all Zones manually in order that all packerts were captured.

Is this restriction gone as well as the need to create a Explicit Deny rule if you want to see the dropped packages in the eventlog once

You activate Drop All and activate the logging?

Regards,
Bernd



This thread was automatically locked due to age.
Parents
  • +1

    Its not disabled. The Drop All Rule is simply a rule on the bot, which indicates to the administrator, that there is a implicit deny. Logging is not possible until you build your own rule, as you did. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    What do you get when you enable log invalid traffic, doesn't that come from the default drop?

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply Children
  • 0 in reply to rfcat_vk

    Invalid Traffic is traffic, which does not match to conntrack (existing sessions). Hence its invalid. Default drop is traffic which does not have a session in the first place. 

    __________________________________________________________________________________________________________________

Unfiltered HTML