Default Pass/Drop
The following table lists the system rules that are used to pass or drop packets on your advanced appliance. All of these rules are enabled by default; the 1400005xx through 1400008xx rules are the default drop rules, and a packet that reaches them is most likely not intended for a service on this member.
Rule ID | Rule Type | Rule Name | Description | Enable/Disable Condition | Parameters | Comments |
---|---|---|---|---|---|---|
100000050 | System | EARLY PASS TCP with flowbits set | This rule passes TCP traffic that has the flowbits options set and marked OK. | Enabled by default. | N/A | |
140000100 | System | DROP UDP DNS unexpected | This rule drops any unexpected UDP DNS packets. | Enabled by default. | Events per second (default=1) | Default drop rule for the DNS service port. If this rule is triggered, most likely this packet is an invalid DNS UDP packet. |
140000200 | System | DROP TCP DNS unexpected | This rule drops any unexpected TCP DNS packets. | Enabled by default. | Events per second (default=1) | Default drop rule for the DNS service port. If this rule is triggered, most likely this packet is an invalid DNS TCP packet. |
140000400 | System | PASS TCP established packets | This rule passes all packets that belong to an established TCP session. | Enabled by default. | Events per second (default=0) | |
140000500 | System | DROP TCP unexpected | This rule drops any unexpected TCP packets. | Enabled by default. | Events per second (default=0) | This rule drops any TCP packet on any port. If this rule is triggered, most likely this packet is not intended for services on this member. |
140000600 | System | DROP UDP unexpected | This rule drops any unexpected UDP packets. | Enabled by default. | Events per second (default=0) | This rule drops any UDP packet on any port. If this rule is triggered, most likely this packet is not intended for services on this member. |
140000700 | System | DROP ICMP unexpected | This rule drops any unexpected ICMP packets. | Enabled by default. | Events per second (default=0) | This rule drops any ICMP packet. If this rule is triggered, most likely this packet is not intended for services on this member. |
140000800 | System | DROP unexpected protocol | This rule drops any unexpected protocol packets. | Enabled by default. | Events per second (default=0) | This is a catch all rule that drops anything that does not match any other rules in the system. |
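The following is an added model of how this pass/drop chain behaves as a first-match rule list; it is example code written for this page, not the appliance's own engine. It assumes rules are evaluated in ascending Rule ID order (the table does not state the order explicitly), and it inserts a hypothetical placeholder pass rule standing in for the service-specific rules that are not part of this table, so that traffic for configured services is not swallowed by the catch-all. The `Packet` fields and the sample packets are constructed for the example.

```python
"""Model of the Default Pass/Drop chain: first matching rule decides the verdict.

Added example, not Infoblox code. Assumptions (not stated on the page):
  - rules are evaluated in ascending Rule ID order;
  - a placeholder SERVICE PASS rule (rule_id None) stands in for the
    service-specific rules that are outside this table.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

DNS_PORT = 53


@dataclass
class Packet:
    proto: str                     # "tcp", "udp", "icmp", or anything else
    dst_port: Optional[int] = None
    established: bool = False      # TCP packet belongs to a tracked session
    flowbits_ok: bool = False      # flowbits set and marked OK earlier
    expected: bool = True          # destined for a service this member offers


@dataclass
class Rule:
    rule_id: Optional[int]
    name: str
    verdict: str                   # "pass" or "drop"
    match: Callable[[Packet], bool]


def _is_dns(p: Packet) -> bool:
    return p.dst_port == DNS_PORT


# Rule IDs and names are those from the table above; predicates are the model.
DEFAULT_RULES: List[Rule] = [
    Rule(100000050, "EARLY PASS TCP with flowbits set", "pass",
         lambda p: p.proto == "tcp" and p.flowbits_ok),
    Rule(None, "SERVICE PASS (hypothetical placeholder, not in the table)", "pass",
         lambda p: p.expected),
    Rule(140000100, "DROP UDP DNS unexpected", "drop",
         lambda p: p.proto == "udp" and _is_dns(p) and not p.expected),
    Rule(140000200, "DROP TCP DNS unexpected", "drop",
         lambda p: p.proto == "tcp" and _is_dns(p) and not p.expected),
    Rule(140000400, "PASS TCP established packets", "pass",
         lambda p: p.proto == "tcp" and p.established),
    Rule(140000500, "DROP TCP unexpected", "drop",
         lambda p: p.proto == "tcp" and not p.expected),
    Rule(140000600, "DROP UDP unexpected", "drop",
         lambda p: p.proto == "udp" and not p.expected),
    Rule(140000700, "DROP ICMP unexpected", "drop",
         lambda p: p.proto == "icmp" and not p.expected),
    # Catch-all: drops anything no earlier rule matched.
    Rule(140000800, "DROP unexpected protocol", "drop",
         lambda p: True),
]


def classify(p: Packet, rules: List[Rule] = DEFAULT_RULES) -> Tuple[str, Optional[int]]:
    """Return (verdict, rule_id) of the first rule whose predicate matches."""
    for r in rules:
        if r.match(p):
            return r.verdict, r.rule_id
    raise AssertionError("catch-all rule should always match")


def tally(packets: List[Packet]) -> Dict[Optional[int], int]:
    """Count how often each rule fired; a non-zero count on a 1400005xx
    through 1400008xx rule means traffic is arriving that no service expects."""
    counts: Dict[Optional[int], int] = {}
    for p in packets:
        _, rid = classify(p)
        counts[rid] = counts.get(rid, 0) + 1
    return counts


# Constructed sample traffic for the example.
SAMPLE = [
    Packet("tcp", 53, flowbits_ok=True, expected=False),   # early pass
    Packet("udp", 53, expected=True),                      # valid DNS query
    Packet("udp", 53, expected=False),                     # malformed UDP DNS
    Packet("tcp", 443, established=True, expected=False),  # established session
    Packet("tcp", 8080, expected=False),                   # stray TCP
    Packet("udp", 123, expected=False),                    # stray UDP
    Packet("icmp", expected=False),                        # stray ICMP
    Packet("gre", expected=False),                         # unexpected protocol
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, "->", classify(pkt))
    print(tally(SAMPLE))
```

Read the tally the way the Comments column suggests: hits on 140000100 or 140000200 point at malformed DNS on the service port, while hits on 140000500 through 140000800 are traffic that no service on the member was configured to accept.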