(PM) Filters -- How do I let one TCP port in from a specific IP while denying others?

Mark Radabaugh (mark@woodville.net)
Wed, 26 Nov 1997 09:59:56 -0500

Sorry about the looong line on the last post -- thought I had the mailer
fixed.

How can I let a connection to a specific port (y.y.y.y.139) through a filter
from a specific IP (x.x.x.x) while blocking them from all other IPs? The
following example does not work since the packets I want make it
past rule 6 but get denied by rule 7. Reversing the order of 6 and
7 won't help since then the good ones die at rule 6.
The rule I am looking for is basically
deny (not xxx.xxx.xxx.xxx/24) 209.57.124.2/26 tcp dst eq 139
I understand the "things not explicitly permitted are denied" which
means that just rule 6 in the example below would work if I didn't
have rules 9 and 10. Rules 9 and 10 are there so that I do not have
to pick each service port individually. Picking individual ports
makes for a very long set of filter rules.
What am I missing here?
Example:
6 permit x.x.x.x/24 y.y.y.y/32 tcp dst eq 139
7 deny 0.0.0.0/0 y.y.y.y/26 udp dst eq 139 log
8 deny 0.0.0.0/0 y.y.y.y/26 tcp dst eq 139 log
9 permit tcp
10 permit udp
mark@woodville.net
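An added example, not code from the post or from the PortMaster software: a small simulation of the rule list above under first-match semantics (the assumption here is that the filter stops at the first matching rule and that anything unmatched is denied). The x.x.x.x and y.y.y.y placeholders are replaced with constructed documentation addresses, and the sample packets are constructed as well.

```python
"""Simulated first-match packet filter for the rule layout in the post.

Added example; it is not code from the post or from the PortMaster
product.  Assumptions: rules are tried in order and the first match
decides (first-match semantics); anything unmatched is denied.  The
placeholder addresses x.x.x.x / y.y.y.y are replaced by constructed
documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class Rule:
    number: int
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                       # "tcp" or "udp"
    dst_port: Optional[int]          # None means any destination port
    log: bool = False


def parse_rule(line: str) -> Rule:
    """Parse one line of the mini-syntax used in the post:
    N permit|deny [SRC DST] PROTO [dst eq PORT] [log]
    'permit tcp' with no addresses means any source to any destination."""
    tokens = line.split()
    number, action = int(tokens[0]), tokens[1]
    log = tokens[-1] == "log"
    if log:
        tokens = tokens[:-1]
    rest = tokens[2:]
    if rest[0] in ("tcp", "udp"):
        src = dst = ANY
    else:
        # strict=False tolerates host bits in a prefix such as 198.51.100.5/26
        src = ipaddress.ip_network(rest[0], strict=False)
        dst = ipaddress.ip_network(rest[1], strict=False)
        rest = rest[2:]
    proto = rest[0]
    port = None
    if rest[1:3] == ["dst", "eq"]:
        port = int(rest[3])
    return Rule(number, action, src, dst, proto, port, log)


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str,
             proto: str, dst_port: int) -> Tuple[str, Optional[int]]:
    """Return (action, rule number) of the first matching rule, or
    ("deny", None) for the implicit deny at the end of the list."""
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.proto != proto:
            continue
        if s not in r.src or d not in r.dst:
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        return r.action, r.number
    return "deny", None


# The post's rule set with constructed addresses in place of x.x.x.x / y.y.y.y.
RULE_TEXT = """\
6 permit 192.0.2.0/24 198.51.100.5/32 tcp dst eq 139
7 deny 0.0.0.0/0 198.51.100.0/26 udp dst eq 139 log
8 deny 0.0.0.0/0 198.51.100.0/26 tcp dst eq 139 log
9 permit tcp
10 permit udp
"""
RULES = [parse_rule(l) for l in RULE_TEXT.splitlines() if l.strip()]

# Constructed sample packets: (source, destination, protocol, destination port).
SAMPLES = {
    "allowed-host-tcp-139": ("192.0.2.10", "198.51.100.5", "tcp", 139),
    "other-host-tcp-139":   ("203.0.113.7", "198.51.100.5", "tcp", 139),
    "other-host-tcp-80":    ("203.0.113.7", "198.51.100.5", "tcp", 80),
    "other-host-udp-139":   ("203.0.113.7", "198.51.100.5", "udp", 139),
    "allowed-host-udp-139": ("192.0.2.10", "198.51.100.5", "udp", 139),
}


def classify_samples() -> Dict[str, Tuple[str, Optional[int]]]:
    """Run every sample packet through the filter under first-match semantics."""
    return {name: evaluate(RULES, *pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, (action, num) in classify_samples().items():
        print(f"{name:22s} -> {action} (rule {num})")
```

Under the first-match assumption the layout "permit the one source to 139, deny everyone else to 139, then permit the rest" gives the intended result: the allowed host reaches TCP 139 via rule 6, any other host hitting 139 stops at rule 7 or 8 and is logged, and ordinary traffic to other ports falls through to rules 9 and 10. Whether a particular filter implementation actually stops at the first match, or keeps evaluating later rules, is the property to confirm in its documentation before relying on this ordering.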
