Bug ID 457035: Packet that does not match any rule configured for a firewall is dropped.

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP AFM(all modules)

Fixed In:
11.5.0

Opened: Apr 14, 2014

Severity: 4-Minor

Symptoms

The outcome for a packet that does not match any rule on any context on the firewall is a global Drop rule.

Impact

Packet is dropped.

Conditions

Packet that does not match any rule configured for a firewall.

Workaround

None.

Fix Information

In previous releases, the outcome for a packet that did not match any rule on any context on the firewall was a global Drop rule. Now, such a packet, that does not match any rule on any context is Rejected. The operative difference is that the Drop rule is silent, while the Reject rule sends an appropriate reject response, for example RST for the TCP protocol.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips