Filters (fwd)

Brian 'MegaZone' Bikowicz ((no email))
Wed, 25 Oct 1995 12:35:31 -0700 (PDT)

Once upon a time Portmaster Tech shaped the electrons to say...
>If you define one filter for an interface, does that mean you have to
>define every filter on that interface. The problem I am having is that
>when I put an incoming filter to block all traffic using port 23 or 21,
>it seemed to block all outgoing traffic as well. Do I have to define
>allow filters as well as deny filters to get this to work??????

Yes. All filters have an implicit deny at the end, anything not *explicitly*
permitted is denied. You can have a bunch of denies and then:

permit 0.0.0.0/0 0.0.0.0/0

And everything not explicitly denied will get through. But generally you
want to explicitly permit only what you need and deny everything else.

The philosophy is that if you forget to permit something, you will notice
and fix it.

If we allowed everything not denied by default, you wouldn't realize you
forgot to deny a security hole until it was too late.

-MZ

--
Livingston Enterprises Technical Support
Phone: 800-458-9966      FAX: 510-426-8951
support@livingston.com  <http://www.livingston.com/> 
6920 Koll Center Parkway  #220, Pleasanton, CA 94566
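
The implicit deny described in the message above, as an added example that is not part of the original post and not Livingston code: a small filter evaluator run over a deny-only rule set, the same set with the trailing permit, and an allowlist. It assumes rules are checked in order with the first match deciding; the `dst-port` keyword, the rule sets and the addresses are constructed for illustration and are not PortMaster filter syntax.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network       # source prefix
    dst: ipaddress.IPv4Network       # destination prefix
    dst_port: Optional[int] = None   # None matches any destination port

def parse_rule(line: str) -> Rule:
    """Parse 'permit|deny SRC/len DST/len [dst-port N]' (constructed syntax)."""
    parts = line.split()
    if len(parts) not in (3, 5) or parts[0] not in ("permit", "deny"):
        raise ValueError(f"bad rule: {line!r}")
    port = None
    if len(parts) == 5:
        if parts[3] != "dst-port":
            raise ValueError(f"bad rule: {line!r}")
        port = int(parts[4])
    return Rule(parts[0], ipaddress.ip_network(parts[1]),
                ipaddress.ip_network(parts[2]), port)

def evaluate(rules, src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Return the action of the first matching rule (assumed first-match order)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in rule.src and dst in rule.dst and rule.dst_port in (None, dst_port):
            return rule.action
    return "deny"  # nothing matched: the implicit deny at the end of every filter

# The situation in the question: only telnet (23) and FTP (21) are denied.
DENY_ONLY = [parse_rule(r) for r in (
    "deny 0.0.0.0/0 0.0.0.0/0 dst-port 23",
    "deny 0.0.0.0/0 0.0.0.0/0 dst-port 21",
)]

# The fix from the reply: a bunch of denies, then permit everything else.
WITH_PERMIT = DENY_ONLY + [parse_rule("permit 0.0.0.0/0 0.0.0.0/0")]

# The recommended style: permit only what is needed, let the implicit deny do the rest.
ALLOWLIST = [parse_rule("permit 0.0.0.0/0 192.0.2.25/32 dst-port 25")]

if __name__ == "__main__":
    for name, rules in (("deny-only", DENY_ONLY), ("with-permit", WITH_PERMIT),
                        ("allowlist", ALLOWLIST)):
        for port in (21, 23, 25, 80):
            print(name, port, evaluate(rules, "198.51.100.7", "192.0.2.25", port))
```

With the deny-only set every port comes back `deny`, which is the behaviour the question reports; the allowlist gets the same result for ports 21 and 23 without naming them.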