security firewall name <name> default-log
Defines an IP firewall rule set to log packets that reach the default action.
- name
- Multi-node. The name of a firewall rule set. The name must not contain a space or any other of the following special characters: |, ;, &, $, <, or >. The name can be as many as 28 characters long.
You can define more than one firewall rule set by creating more than one name configuration node.
Configuration mode
security {
firewall {
name name {
default-log
}
}
}
Use this command to specify that the default action will be logged.
A firewall rule set is a named collection of as many as 9999 packet-filtering rules. Following the numbered rules may be a hidden rule, 10000, which can be set to deny or accept all traffic. There are a set of implicit actions that may be applied if rule 10000 is not present. These actions do not occur if rule 10000 is present, and do not occur if default-log or default-action is specified. See the Implicit Action section in this guide.
If a default-log action is applied to a rule set but the default action for the firewall has not been configured, the default action for logging is to drop packets that do not match any rule. To have packets that match a default log rule logged and accepted, you must configure default-action as accept. Refer to the security firewall name <name> default-action <action> command.
If multiple rule sets are applied to an interface, and the first rule set makes use of default-log or default-action, subsequent rules for the interface are not processed (they are ignored).
Use the set form of this command to enable logging for the default action.
Use the delete form of this command to disable logging for the default action.
Use the show form of this command to display the default logging configuration for the rule set.