For some reasons we use Reject as action in the cleanup rule of an internal firewall. We know about the performance impact due to the ICMP packets being sent, but this is okay for us.
Since the cleanup action is not drop, we get the message "Missing cleanup rule - Unmatched traffic will be dropped and not logged". Is there anything to consider (except the performance issue) about having a cleanup rule with action reject?
The affected firewall is not exposed to the internet, so there is no chance of an external DDoS-attack on this. The given warning does not affect us, since all rejected traffic is logged in our own cleanup rule.
