Re: [FW-1] Rule 0 for silent Services



Hi,
the reason is the configuration of Anti-Spoofing. Take a look at the log where these entries are - which source, which destination? Mostly Anti-Spoofing acts not only incoming, but also outgoing.

So it might help if you define the addresses where the NBT Broadcasts are directed to, as a separate Workstation, e.g. NBTbc. Then, you define a group MyGroup including e.g. myInternalNet+NBTbc. At the Interface properties of your Firewall you change the accepted addresses from e.g. "This Net" to "specific" - "MyGroup". Then, after installing the rulebase, the NBT Broadcasts may pass the Anti-Spoofing mechanism of the interface and will be dropped by your rule in the rulebase.
If you do this for every Broadcast address of each Interface, you will "get rid of" these entries in the log.

Hope it helps,
best regards,
Matthias
http://www.fw-1.de
 

Paraic wrote:

Hi FW-1'ers,

I have set FW-1 ver 4.1 sp2 on NT 4 and I want to set up the "silent Services" rule for non-logging of broadcast services (such as NBT group of services). I have done an ANY ANY NBT DROP TRACK=BLANK rule near the top of the rule base and it still logs all Bcast services with a Rule 0.

Now I reckon Rule 0 is an implied rule from the Properties section but I couldn't find anything related to Logging broadcast packets.

I also installed a brand new rulebase using the Wizard and included the Silent Services rule which didn't work either.

I'm pretty sure it's a common problem, but I can't locate the option to turn it off.

Any help appreciated,
Cheers,
Paraic
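
The evaluation order described in the reply above, as an added example that is not part of the original thread and not Check Point code: a simplified Python model in which the interface anti-spoofing check runs before the rulebase and logs its drops as rule 0. The addresses, port set, cleanup rule and the `evaluate` function are constructed for illustration; checking the source on incoming and the destination on outgoing packets is a modelling assumption taken from the reply.

```python
import ipaddress

# Constructed sample objects; none of these addresses come from the thread.
MY_INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")   # "myInternalNet"
NBT_BC = ipaddress.ip_network("255.255.255.255/32")        # "NBTbc" workstation object

THIS_NET = [MY_INTERNAL_NET]            # interface setting before the change
MY_GROUP = [MY_INTERNAL_NET, NBT_BC]    # "specific" - "MyGroup" after the change

NBT_PORTS = {137, 138, 139}             # NetBIOS name, datagram and session services

RULEBASE = [
    # Rule 1: ANY ANY NBT DROP, TRACK=blank (the "silent services" rule)
    {"ports": NBT_PORTS, "action": "drop", "track": False},
    # Rule 2: cleanup rule that logs everything else (assumed for the model)
    {"ports": None, "action": "drop", "track": True},
]

def evaluate(packet, valid_addrs, rulebase):
    """Return the verdict for one packet seen on one interface.

    Anti-spoofing is checked first: the source address for incoming packets,
    the destination address for outgoing ones. A failure there never reaches
    the rulebase and is logged as rule 0.
    """
    checked = packet["src"] if packet["direction"] == "in" else packet["dst"]
    if not any(ipaddress.ip_address(checked) in net for net in valid_addrs):
        return {"action": "drop", "rule": 0, "logged": True}
    for number, rule in enumerate(rulebase, start=1):
        if rule["ports"] is None or packet["dport"] in rule["ports"]:
            return {"action": rule["action"], "rule": number, "logged": rule["track"]}
    return {"action": "drop", "rule": None, "logged": False}

# Constructed NBT broadcast as seen outgoing on the internal interface.
NBT_BROADCAST = {"src": "192.168.1.23", "dst": "255.255.255.255",
                 "dport": 137, "direction": "out"}
# Constructed packet arriving with a source outside the interface's addresses.
FOREIGN_SOURCE = {"src": "10.9.9.9", "dst": "192.168.1.5",
                  "dport": 80, "direction": "in"}

if __name__ == "__main__":
    print("This Net:", evaluate(NBT_BROADCAST, THIS_NET, RULEBASE))
    print("MyGroup: ", evaluate(NBT_BROADCAST, MY_GROUP, RULEBASE))
    print("Foreign: ", evaluate(FOREIGN_SOURCE, MY_GROUP, RULEBASE))
```

Adding only the broadcast address to the group leaves the check intact for every other address: the foreign-source packet is still dropped and logged as rule 0.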


 
   All contents © 2004 Network Presence, LLC. All rights reserved.