Forum Discussion
Jeff_Maddox_394
Historic F5 Account
The default behavior for disabled virtual servers is to send a RST to a SYN. If you are looking for a passive drop behavior, then a packet filter rule with the action set to "discard" would do the trick.
aj11
Aug 03, 2017Nimbostratus
Thanks. I created a Packet Filter rule to allow an internal subnet (First) and tried to create another rule (Last) to drop (Action: "discard") everything else where the instructions in the doc linked below say to "Enter Expression Text" with nothing in the text field, which apparently means everything (?), and I got the following error:
01070087:3: Packet filter rule '/Common/TestRule1': rule matches all traffic and action is not "continue"
Why should the rule be set to "continue" rather than "discard"?