
List:       ipfilter
Subject:    Re: Strange rule problem
From:       "Antony Riley" <antony.riley () kinetic ! co ! uk>
Date:       2002-08-29 15:45:22


The following will work:

pass in quick on hme0 proto tcp from 206.197.69.162/32 to 207.200.6.75/32
block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 3306

Unless you use the 'quick' keyword, it's the last rule that matched the 
packet which gets chosen.

If you use the 'quick' keyword, it does not look at any of the other 
rules, and matches that one.

I'd need to see the rest of your rules to see why it's letting anyone in 
though.

-Antony

-----Original Message-----
From: Bill Bradford <mrbill@mrbill.net>
To: ipfilter@coombs.anu.edu.au
Date: Thu, 29 Aug 2002 10:29:57 -0500
Subject: Strange rule problem

> Okay.  Here we go:
> 
> (Solaris 8/SPARC, ipf 3.4.29)
> 
> My IP is 207.200.6.75.
> 
> # block mysql
> block in on hme0 proto tcp from any to 207.200.6.75/32 port = 3306
> # let this address in for mysql
> pass in on hme0 proto tcp from 206.197.69.162/32 to 207.200.6.75/32 port = 3306
> 
> Problem is, *anyone* can get in.
> 
> If I get rid of the second line, and change the first to:
> 
> block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 3306
> 
> then it works!  I need to be able to block access to port 3306 to everyone
> except certain IPs.. any clue as to what I'm doing wrong?
> 
> Bill
> 
> -- 
> bill bradford
> mrbill@mrbill.net
> austin, texas
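An added illustration, not part of either message in the thread: a small Python model of the matching order Antony describes (the last matching rule decides, unless a matching rule carries 'quick', which stops evaluation), run over Bill's rules and Antony's. The trailing catch-all `pass` rule is constructed to stand in for the "rest of your rules" Antony asks about, the stranger's source address is made up, and the default verdict when nothing matches is assumed to be pass.

```python
import ipaddress
import re

# Subset of the ipf rule grammar used in this thread (added example, not ipf's own parser).
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+in\s+(?P<quick>quick\s+)?on\s+(?P<iface>\S+)\s+proto\s+tcp"
    r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)(?:\s+port\s*=\s*(?P<port>\d+))?$"
)

def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule: {line}")
    net = lambda s: None if s == "any" else ipaddress.ip_network(s, strict=False)
    return {"action": m["action"], "quick": m["quick"] is not None, "iface": m["iface"],
            "src": net(m["src"]), "dst": net(m["dst"]),
            "port": int(m["port"]) if m["port"] else None}

def matches(rule, pkt):
    in_net = lambda key: rule[key] is None or ipaddress.ip_address(pkt[key]) in rule[key]
    return (rule["iface"] == pkt["iface"] and in_net("src") and in_net("dst")
            and (rule["port"] is None or rule["port"] == pkt["dport"]))

def evaluate(rules, pkt):
    """Last matching rule decides; a matching 'quick' rule stops evaluation at once."""
    verdict = "pass"  # assumed default when no rule matches
    for rule in map(parse_rule, rules):
        if matches(rule, pkt):
            verdict = rule["action"]
            if rule["quick"]:
                break
    return verdict

# Bill's two rules, followed by a constructed catch-all of the kind Antony asks to see.
BILL_RULES = [
    "block in on hme0 proto tcp from any to 207.200.6.75/32 port = 3306",
    "pass in on hme0 proto tcp from 206.197.69.162/32 to 207.200.6.75/32 port = 3306",
    "pass in on hme0 proto tcp from any to any",  # constructed: matches last, so it wins
]
# Antony's 'quick' rules in front of the same constructed catch-all.
ANTONY_RULES = [
    "pass in quick on hme0 proto tcp from 206.197.69.162/32 to 207.200.6.75/32",
    "block in quick on hme0 proto tcp from any to 207.200.6.75/32 port = 3306",
    "pass in on hme0 proto tcp from any to any",
]
def pkt(src, dport, dst="207.200.6.75", iface="hme0"):
    return {"iface": iface, "src": src, "dst": dst, "dport": dport}

STRANGER = pkt("198.51.100.7", 3306)   # constructed source address
TRUSTED = pkt("206.197.69.162", 3306)
```

With the catch-all present, `evaluate(BILL_RULES, STRANGER)` returns pass while `evaluate(ANTONY_RULES, STRANGER)` returns block; Bill's pair on its own already blocks the stranger, which is why the rules that follow them matter.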


