default forward rule drop not working


This topic contains 0 replies, has 0 voices, and was last updated by  m4him 10 years, 11 months ago.

  • #40968

    m4him
    Member

    I have eth1 on public
    eth0 private
    default rule allow
    I set forward to reject level 7 http
    http is rejected
    I set forward rule to accept level 7 http
    http flows
    I set forward default rule to drop
    http stops working.

    I did all of the above several times to confirm and also repeated using port 80 instead of level 7 http with the same results

    Why, when I have forward default rule to drop does the
    level 7 http not work when the rule is set to accept?

    #46317

    imported_fulvio
    Participant

    L7 filters use connection tracking to classify the traffic and usually need more than one packet to recognize the protocol. For this reason you should not use a Layer 7 filter with the target ACCEPT if the default policy is DROP. In other words, L7 filters work better in QoS classification than in firewall rules.

    Regards
    Fulvio
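
Added example (not part of the thread, and not ZeroShell or l7-filter code): a simplified Python model of the behaviour described in the reply above, run against the three configurations from the first post. The packet list, `forward` and `http_works` are constructed for illustration; the model assumes a connection is classified only once a packet with matching payload is seen, and that it stalls at the first packet that is not accepted.

```python
import re

# Assumption: stand-in for an L7 "http" pattern; it can only match packets
# that carry application data, never the payload-less TCP handshake.
HTTP_RE = re.compile(rb"^(GET|POST|HEAD) \S+ HTTP/1\.[01]")

# Constructed sample: one forwarded HTTP connection, in order.
CONNECTION = [
    ("SYN", b""),
    ("SYN-ACK", b""),
    ("ACK", b""),
    ("GET", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("RESPONSE", b"HTTP/1.1 200 OK\r\n\r\n"),
]

def forward(packets, l7_target, default_policy):
    """Return [(label, verdict)] for one connection crossing the forward chain.

    l7_target is the target of the single 'level 7 http' rule;
    default_policy applies to every packet that rule does not match.
    """
    proto = None  # per-connection classification, as connection tracking keeps it
    log = []
    for label, payload in packets:
        if proto is None and HTTP_RE.match(payload):
            proto = "http"  # classified from here on
        verdict = l7_target if proto == "http" else default_policy
        log.append((label, verdict))
        if verdict != "ACCEPT":
            break  # packet never arrives, so later packets are never sent
    return log

def http_works(l7_target, default_policy):
    """True when every packet of the connection is forwarded."""
    log = forward(CONNECTION, l7_target, default_policy)
    return len(log) == len(CONNECTION) and all(v == "ACCEPT" for _, v in log)

if __name__ == "__main__":
    for l7_target, policy in [("REJECT", "ACCEPT"), ("ACCEPT", "ACCEPT"), ("ACCEPT", "DROP")]:
        print(f"L7 http {l7_target}, default {policy}:",
              forward(CONNECTION, l7_target, policy))
```

With the default set to DROP, the SYN is discarded before any payload exists to classify, so the ACCEPT rule never gets a chance to match.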
