I have noticed every once in a while a rule of mine is broken. I am not
sure what is causing it and was wondering if anyone had any ideas.
Here is my rule.
var NETWORK [22.214.171.124/19]
pass tcp ![$NETWORK] any <> any any
pass udp ![$NETWORK] any <> any any
pass icmp ![$NETWORK] any <> any any
log tcp $NETWORK any -> any any (flowbits:isnotset,tagged; flowbits:set,tagged; threshold: type limit, track by_src, count 5, seconds 30; tag:session, 600, seconds;)
Now what is odd is that I get maybe 1 or 2 of these every few days (sorry
if the HTML throws anyone off).
Anyway, I am wondering, do I have something set up wrong in the rule set
that is letting these few IP addresses through? Why is the port 0?
Thanks for your help.