Hi,
the reason is the configuration of Anti-Spoofing. Take a look at the log where these entries are - which source, which destination? Mostly Anti-Spoofing acts not only incoming, but also outgoing. So it might help if you define the addresses where the NBT Broadcasts are directed to, as a separate Workstation, e.g. NBTbc. Then, you define a group MyGroup including e.g. myInternalNet+NBTbc. At the Interface properties of your Firewall you change the accepted addresses from e.g. "This Net" to "specific" - "MyGroup". Then, after installing the rulebase, the NBT Broadcasts may pass the Anti-Spoofing mechanism of the interface and will be dropped by your rule in the rulebase.
Hope it helps,
Paraic wrote:

Hi FW-1'ers,

I have set FW-1 ver 4.1 sp2 on NT 4 and I want to set up the "silent Services" rule for non-logging of broadcast services (such as NBT group of services). I have done an ANY ANY NBT DROP TRACK=BLANK rule near the top of the rule base and it still logs all Bcast services with a Rule 0.

Now I reckon Rule 0 is an implied rule from the Properties section but I couldn't find anything related to Logging broadcast packets.

I also installed a brand new rulebase using the Wizard and included the Silent Services rule which didn't work either.

I'm pretty sure it's a common problem, but I can't locate the option to turn it off.

Any help appreciated,
Cheers,
Paraic
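A simplified model of the evaluation order described in the reply above, added here as an illustration; it is not part of the original thread and not FireWall-1 code. The addresses, rule numbers and the `evaluate` function are constructed assumptions, and the model assumes the interface check is applied to the destination address and is reported as Rule 0.

```python
from ipaddress import ip_address, ip_network

# Constructed sample objects (assumptions, not values from the thread).
MY_INTERNAL_NET = ip_network("192.168.1.0/24")   # "myInternalNet"
NBT_BC = ip_network("255.255.255.255/32")        # "NBTbc" workstation object
NBT_PORTS = {137, 138, 139}                      # NBT group of services


def evaluate(pkt, valid_addresses):
    """Return (rule_number, action, logged) for one packet.

    Stage 1: interface anti-spoofing check, run before the rulebase.
             A failure is reported as rule 0 and is always logged.
    Stage 2: the rulebase itself, first match wins.
    """
    dst = ip_address(pkt["dst"])
    if not any(dst in net for net in valid_addresses):
        return (0, "drop", True)       # never reaches the rulebase
    if pkt["dport"] in NBT_PORTS:
        return (1, "drop", False)      # ANY ANY NBT DROP, Track = blank
    return (2, "drop", True)           # stand-in clean-up rule, logged


# Constructed NBT name-service broadcast from an internal host.
broadcast = {"src": "192.168.1.20", "dst": "255.255.255.255", "dport": 137}

# Interface set to "This Net": the broadcast destination is outside the
# valid addresses, so the silent rule is never consulted.
this_net = [MY_INTERNAL_NET]

# Interface set to "specific" - "MyGroup" (myInternalNet + NBTbc): the
# packet passes the interface check and rule 1 drops it without a log entry.
my_group = [MY_INTERNAL_NET, NBT_BC]

if __name__ == "__main__":
    for label, valid in (("This Net", this_net), ("MyGroup", my_group)):
        rule, action, logged = evaluate(broadcast, valid)
        print(f"{label:8} -> rule {rule}, {action}, logged={logged}")
```
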
