Is it possible to create an outbound filter that would prevent a host on the protected side of the network from being logged to the syslog when it tried to contact certain hosts on the external (Internet) side of the network?

For example, if you have a machine on your internal 192.168.1.x/24 subnet running something such as BigBrother or MRTG to monitor several outside hosts, your syslogs tend to get large rather quickly. I'd like to add a filter that would still allow the internal monitoring host to contact the outside hosts on the Internet, but prevent it from logging those connections to the syslog.

I've tried adding specific outbound filters set to accept with nolog and haven't had any luck. It works fine (doesn't log) if you add a DENY filter outbound with nolog, but not if you have an ACCEPT filter outbound with nolog. If someone can either confirm that it is not possible for GNAT Box to do this, or else tell me how to do it, I would appreciate it.

///Jason
