Home Page › Forums › Network Management › ZeroShell › default forward rule drop not working › Reply To: default forward rule drop not working
March 31, 2008 at 8:27 pm
#46317
Participant
L7 filters use connection tracking to classify the traffic and usually need more than one packet to recognize the protocol. For this reason you should not use a Layer 7 filter with the target ACCEPT if the default policy is DROP. In other words, L7 filter work better in QoS classification than in firewall rules.
Regards
Fulvio