Re: (PM) Filters -- How do I let one TCP port in from a specific IP while denying others? (fwd)

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Rick Davidson: "Re: (PM) K56flex connect speed + retrain? problem.. (fwd)"
• Previous message: MegaZone: "(PM) Stumped! Pm3 Won't Assign s30 to incoming calls. (fwd)"
• In reply to: MegaZone: "(PM) Filters -- How do I let one TCP port in from a specific IP while denying others? (fwd)"
• Next in thread: MegaZone: "Re: (PM) Filters -- How do I let one TCP port in from a specific IP while denying others? (fwd)"

>permit x.x.x.x/32 y.y.y.y/32 tcp dst eq 139
>deny 0.0.0.0/0 0.0.0.0/0 dst eq 139 log

>Then the packets are not matching you rule 6. If they matched rule six
>it would stop parsing there and never see rule 7 or 8.
>
>>6 permit x.x.x.x/24 y.y.y.y/32 tcp dst eq 139
>>7 deny 0.0.0.0/0 y.y.y.y/26 udp dst eq 139 log
>>8 deny 0.0.0.0/0 y.y.y.y/26 tcp dst eq 139 log

Actually ALL his hosts on his Class C are matching rule 6 and that is his
problem. Notice he has permit x.x.x.x/24 vice x.x.x.x/32 which was
in MZ's fine example. His rule matches the whole Class C (/24) If he
wants only one host in the source its gotta be /32. I'm not sure he
caught that.

-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.

• Next message: Rick Davidson: "Re: (PM) K56flex connect speed + retrain? problem.. (fwd)"
• Previous message: MegaZone: "(PM) Stumped! Pm3 Won't Assign s30 to incoming calls. (fwd)"
• In reply to: MegaZone: "(PM) Filters -- How do I let one TCP port in from a specific IP while denying others? (fwd)"
• Next in thread: MegaZone: "Re: (PM) Filters -- How do I let one TCP port in from a specific IP while denying others? (fwd)"