  1. #1
    Untangler
    Join Date
    Oct 2009
    Posts
    82

    Default block logging?

    Hi, I have the firewall set up so the default rule is block and I have all my open port rules. When this is enabled everything coming into my mail server or people accessing services on it is slow.

    Why?

    Also, with the default rule can I see what it is blocking? I was previously told that things blocked under the default block rule are not logged. Is there a way to alter this?

    Thanks for your input.

  2. #2
    Untangle Ninja
    WebFooL
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    4,203

    Hi,
    What hardware are you running Untangle on? (And what version and number of users?)

    I usually have a block any any as the last rule, and in that rule you can log.

  3. #3
    Untangler
    Join Date
    Oct 2009
    Posts
    82

    Originally posted by WebFooL:
        "I usually have a block any any as the last rule, and in that rule you can log."

    What?

    And this is the setup

    Comcast----- untangle ----- exchange

    My untangle box:
    2 NICs
    3.33GHz Processor
    1 GB memory

    Thanks

  4. #4
    Untangle Ninja
    WebFooL
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    4,203

    To log all blocked traffic, add a rule last in your firewall list.

    Create that rule so it blocks traffic from any to any on port any to any.
    Now all traffic that does not go out over your pass rules will be blocked and logged.

  5. #5
    Untangler
    Join Date
    Oct 2009
    Posts
    82

    I don't think that's what I'm looking for. I put that as rule #17 and it does block everything, still. It overrides the rules above it.

    I'm just trying to get it to have the rules (16) for open ports and then the rest blocked.

  6. #6
    Untangler
    Join Date
    Oct 2009
    Posts
    82

    I want to lock-down my network but for a few exceptions. What is the best way to do this?

    You can set the default behavior to block, as discussed in Firewall. Then, create a few rules to pass.
    If I do this it slows my OWA web access and web server access down a lot, why?

  7. #7
    Untangle Ninja
    WebFooL
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    4,203

    "Also, with the default rule can I see what it is blocking? I was previously told that things blocked under the default block rule are not logged. Is there a way to alter this?"

    The only way to LOG all blocked traffic is to create a rule at the bottom.

    As the FW module reads the rules top to bottom, try moving the pass rules for your OWA to the top.

    What other modules are you running?
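
The top-to-bottom rule evaluation discussed in this thread, as an added example that is not part of the original posts and is not Untangle's code: a small simulator showing that the default block logs nothing, while a logged block-any-any rule placed last records the blocked sessions and leaves the pass rules above it in effect. It assumes first-match-wins evaluation; the rule names, ports and sessions are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    name: str
    action: str                      # "pass" or "block"
    dst_port: Optional[int] = None   # None means "any"
    protocol: Optional[str] = None   # None means "any"
    log: bool = False

    def matches(self, protocol: str, dst_port: int) -> bool:
        return (self.protocol in (None, protocol)
                and self.dst_port in (None, dst_port))


def evaluate(rules, sessions, default_action="block"):
    """Return (verdicts, log) for first-match, top-to-bottom evaluation."""
    verdicts, log = [], []
    for protocol, dst_port in sessions:
        for rule in rules:
            if rule.matches(protocol, dst_port):
                entry = (protocol, dst_port, rule.action, rule.name)
                verdicts.append(entry)
                if rule.log:
                    log.append(entry)
                break  # first match wins; later rules are never consulted
        else:
            # No rule matched: the default action applies and nothing is logged.
            verdicts.append((protocol, dst_port, default_action, "default"))
    return verdicts, log


# Constructed rule set: pass rules for the mail server first, catch-all last.
PASS_RULES = [
    Rule("smtp", "pass", 25, "tcp"),
    Rule("owa-https", "pass", 443, "tcp"),
]
CATCH_ALL = Rule("block-any-any", "block", log=True)

# Constructed inbound sessions as (protocol, destination port).
SESSIONS = [("tcp", 443), ("tcp", 25), ("tcp", 3389), ("udp", 161)]

if __name__ == "__main__":
    for label, rules in (("default block only", PASS_RULES),
                         ("logged catch-all last", PASS_RULES + [CATCH_ALL]),
                         ("catch-all misplaced first", [CATCH_ALL] + PASS_RULES)):
        verdicts, log = evaluate(rules, SESSIONS)
        print(label, verdicts, f"logged: {log}", sep="\n  ")
```

Under this model the catch-all only blocks the pass-rule traffic when it sits above those rules, which is why its position at the very bottom of the list matters.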
