View Full Version : What is Rule 0?

2005-08-13, 14:11
What is Rule 0?
If a packet is dropped, but it is not dropped as the result of a specific rule in the rulebase, it is usually dropped on Rule 0. There are several reasons why a packet might be dropped on rule 0:

Anti-spoofing violation. The connection may violate your anti-spoofing settings.
Authentication Failures. Whether or not this is logged is set in the Authentication tab of the Rulebase Properties.
SYNDefender warning. The “Display Warning Messages” checkbox in the SYNDefender tab of the rulebase properties is where this is disabled.
SecuRemote authentication (successful ones). This is controlled on a per-user basis.
A security feature in FireWall-1 is dropping the packet. The specific reason is listed in the Info field of the log entry. This error can likely be searched for in the FAQ.
Just saw the other day, while testing NG AI R55, that it would elaborate more on the reason this log was made.

-- GuyR - 08 Jan 2004

FAQs.Class: LoggingAndAlertingFAQs