List: fwtk-users
Subject: IP Chain ruleset
From: Dave_Chen () acml ! com
Date: 2000-10-23 20:40:18
Hi,
The question is with regard to IP Chain in the Oct.
issue of Linux Journal (p42). Marcel Gagné wrote a rule sequence,
which is listed below:
1> ipchains -P input ACCEPT
2> ipchains -A input -j ACCEPT -s 192.168.1.0/24 -d 0.0.0.0/0
3> ipchains -A input -j ACCEPT -s 0.0.0.0/0 -d 0.0.0.0/0
4> ipchains -A input -j DENY -p tcp -s 0.0.0.0/0 -d 259.25.132.55 137:139
5> ipchains -A input -j DENY -p udp -s 0.0.0.0/0 -d 259.25.132.55 137:139
6> ipchains -A input -j ACCEPT -p tcp -s 0.0.0.0/0 -d 259.25.132.55 80
7> ipchains -A input -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0
Question is this:
Line #3 allows any source address (0.0.0.0/0) to any
destination address (0.0.0.0/0); does it not supersede the
following lines (#4-7)? How can you DENY service when it is
already allowed? Does the order not matter?
Thanks.
Dave Chen
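
Added example, not part of the original message or the Linux Journal article: ipchains walks a chain from the top and the first matching rule decides the packet, so the sketch below models the seven lines and reports which rules can never be reached. The function names are hypothetical, 192.0.2.55 and 203.0.113.9 are constructed documentation addresses (192.0.2.55 stands in for the server address in the post), and the variant without line 3 is constructed for comparison.

```python
from ipaddress import ip_address, ip_network as net

ANY = "0.0.0.0/0"
SERVER = "192.0.2.55/32"   # constructed stand-in for the server address in the post
POLICY = (1, "ACCEPT")     # line 1: default policy, used only if no rule matches

# (line, target, protocol, source, destination, destination ports) for lines 2-7
RULES = [
    (2, "ACCEPT", None, "192.168.1.0/24", ANY, None),
    (3, "ACCEPT", None, ANY, ANY, None),
    (4, "DENY", "tcp", ANY, SERVER, (137, 139)),
    (5, "DENY", "udp", ANY, SERVER, (137, 139)),
    (6, "ACCEPT", "tcp", ANY, SERVER, (80, 80)),
    (7, "DENY", None, ANY, ANY, None),
]
# Constructed variant with the catch-all ACCEPT removed (not from the article).
WITHOUT_LINE_3 = [r for r in RULES if r[0] != 3]

def matches(rule, proto, src, dst, dport):
    _, _, r_proto, r_src, r_dst, r_ports = rule
    return ((r_proto is None or r_proto == proto)
            and ip_address(src) in net(r_src)
            and ip_address(dst) in net(r_dst)
            and (r_ports is None or r_ports[0] <= dport <= r_ports[1]))

def verdict(rules, proto, src, dst, dport):
    """First matching rule decides; later rules are never consulted."""
    for rule in rules:
        if matches(rule, proto, src, dst, dport):
            return rule[0], rule[1]
    return POLICY

def covers(a, b):
    """True when rule a matches every packet that rule b can match."""
    ports_ok = a[5] is None or (b[5] is not None
                                and a[5][0] <= b[5][0] and b[5][1] <= a[5][1])
    return ((a[2] is None or a[2] == b[2]) and ports_ok
            and net(b[3]).subnet_of(net(a[3]))
            and net(b[4]).subnet_of(net(a[4])))

def shadowed(rules):
    """Map each unreachable rule's line number to the earlier line hiding it."""
    hidden = {}
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                hidden[later[0]] = earlier[0]
                break
    return hidden
```

Calling shadowed(RULES) lists lines 4 to 7 as hidden behind line 3, while shadowed(WITHOUT_LINE_3) is empty and the NetBIOS DENY rules take effect.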