Some Questions,
I take it the rule is set for deny and checked as enabled? Is there any rules above the rule that Allow Web or default traffic? The rules work from top to bottom, so if there is something that will allow the traffic thru above it then this rule will never be hit. After adding the rule did you reset or reboot the SW? I for one have seen what you are talking about and I know the rules are correctly in place. So I just schedule a time when I can reset/reboot the SW to make sure that there is a common starting point after changes. Hope this helps, James At 09:04 AM 4/26/2002 -0400, you wrote: >I've got a low number rule that blocks a few Class-C ranges from getting >to my mail server (webmail) > >Web (HTTP) 217.224.202.1 - 217.224.207.255 (WAN) 192.168.1.3 >(LAN) > >The mail server has several different logs and one shows port 80 >traffic, Here is part of yesterdays > >20020425 012325 217.224.202.203, Mozilla/4.0 (compatible; MSIE 4.01; >Windows 95), http://straight.wethost.com, GET >http://www.klick4geld.de/cgi-bin/klick4geld.pl?banner=woxstraight HTTP/1.0 >20020425 012325 217.224.202.203, Mozilla/4.0 (compatible; MSIE 4.01; >Windows 95), http://straight.wethost.com, GET >http://www.klick4geld.de/cgi-bin/klick4geld.pl?banner=woxstraight HTTP/1.0 > >I'm trying to figure out what these kiddies are doing, the IP is from >Deutsche Telekom AG. > >My main concern is why the rule above is not stopping HTTP traffic. > >Ideas? John T and Todd H: Do you see this in your Wxyz.log ?? > > >Chris --- [This E-mail scanned for viruses by Declude/F-Prot Virus] =================================================================================================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
