> On Wed, 26 Nov 1997, MegaZone wrote:
>
> >permit x.x.x.x/32 y.y.y.y/32 tcp dst eq 139
> >deny 0.0.0.0/0 0.0.0.0/0 dst eq 139 log
>
> >Then the packets are not matching you rule 6. If they matched rule six
> >it would stop parsing there and never see rule 7 or 8.
> >
> >>6 permit x.x.x.x/24 y.y.y.y/32 tcp dst eq 139
> >>7 deny 0.0.0.0/0 y.y.y.y/26 udp dst eq 139 log
> >>8 deny 0.0.0.0/0 y.y.y.y/26 tcp dst eq 139 log
>
> Actually ALL his hosts on his Class C are matching rule 6 and that is his
> problem. Notice he has permit x.x.x.x/24 vice x.x.x.x/32 which was
> in MZ's fine example. His rule matches the whole Class C (/24). If he
> wants only one host in the source it's gotta be /32. I'm not sure he
> caught that.
The other thing that wasn't mentioned is that a filter on lines 1-5 could
be allowing the packets he wanted blocked.
Doug Ingraham
Rapid City, SD
USA

"Coffee should always be served a little too hot to drink at first. It forces
you to slow down and savor the experience." Major Kira, Star Trek Deep Space Nine.
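Since the whole exchange turns on first-match evaluation, here is a small filter simulator, added here and not part of the original post or of any PortMaster software, that reproduces both points made above: the /24 versus /32 source mask on rule 6, and an earlier permit on lines 1-5 shadowing a later deny. It assumes the constructed TEST-NET ranges 192.0.2.0/24 (standing in for x.x.x.x, the Class C) and 198.51.100.5 (standing in for y.y.y.y), only the filter syntax quoted in the thread, and that a packet matching no rule at all is denied.

```python
"""First-match packet filter evaluation (added example, not PortMaster code).
Addresses are constructed from RFC 5737 TEST-NET ranges; 192.0.2.0/24 stands in
for x.x.x.x and 198.51.100.5 for y.y.y.y in the quoted rules."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    number: int
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                       # "tcp", "udp" or "any"
    dst_port: Optional[int]          # None means any destination port
    log: bool = False


def parse_rule(number: int, text: str) -> Rule:
    """Parse the subset of filter syntax seen in the thread, e.g.
    'deny 0.0.0.0/0 198.51.100.0/26 tcp dst eq 139 log'."""
    parts = text.split()
    action, src, dst, rest = parts[0], parts[1], parts[2], parts[3:]
    proto, port, log = "any", None, False
    if rest and rest[0] in ("tcp", "udp"):
        proto, rest = rest[0], rest[1:]
    if len(rest) >= 3 and rest[0] == "dst" and rest[1] == "eq":
        port, rest = int(rest[2]), rest[3:]
    if rest and rest[0] == "log":
        log = True
    return Rule(number, action, ipaddress.ip_network(src),
                ipaddress.ip_network(dst), proto, port, log)


def build(numbered: List[Tuple[int, str]]) -> List[Rule]:
    return [parse_rule(n, t) for n, t in numbered]


def matches(rule: Rule, src_ip: str, dst_ip: str, proto: str, dst_port: int) -> bool:
    return (ipaddress.ip_address(src_ip) in rule.src
            and ipaddress.ip_address(dst_ip) in rule.dst
            and rule.proto in ("any", proto)
            and rule.dst_port in (None, dst_port))


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, proto: str, dst_port: int):
    """First match wins; later rules are never consulted (the point MZ made).
    Assumption: a packet matching no rule is denied and not logged."""
    for rule in rules:
        if matches(rule, src_ip, dst_ip, proto, dst_port):
            return rule.number, rule.action, rule.log
    return None, "deny", False


def shadowed_by(rules: List[Rule], number: int) -> List[int]:
    """Numbers of earlier rules that completely cover rule 'number', so that it
    can never fire (Doug's point about a permit on lines 1-5)."""
    target = next(r for r in rules if r.number == number)
    return [r.number for r in rules
            if r.number < target.number
            and r.src.supernet_of(target.src)
            and r.dst.supernet_of(target.dst)
            and r.proto in ("any", target.proto)
            and r.dst_port in (None, target.dst_port)]


# Rules 7 and 8 exactly as quoted, with constructed addresses filled in.
DENIES = [(7, "deny 0.0.0.0/0 198.51.100.0/26 udp dst eq 139 log"),
          (8, "deny 0.0.0.0/0 198.51.100.0/26 tcp dst eq 139 log")]
# Rule 6 as posted: a /24 source mask lets the whole Class C through.
AS_POSTED = build([(6, "permit 192.0.2.0/24 198.51.100.5/32 tcp dst eq 139")] + DENIES)
# Rule 6 as MZ's example had it: a /32 source mask permits one host only.
CORRECTED = build([(6, "permit 192.0.2.10/32 198.51.100.5/32 tcp dst eq 139")] + DENIES)
# Corrected rules preceded by a broad permit on an earlier line (constructed).
WITH_EARLY_PERMIT = build([(1, "permit 0.0.0.0/0 198.51.100.0/26 tcp"),
                           (6, "permit 192.0.2.10/32 198.51.100.5/32 tcp dst eq 139")]
                          + DENIES)

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        for host in ("192.0.2.10", "192.0.2.77"):
            print(name, host, "->", evaluate(rules, host, "198.51.100.5", "tcp", 139))
    print("rule 8 shadowed by:", shadowed_by(WITH_EARLY_PERMIT, 8))
```

The shadow check is deliberately conservative: it flags rule 8 only when a single earlier rule covers everything rule 8 would match, so several narrower earlier permits that jointly cover it would still go unreported and the first-match evaluator remains the authoritative test for a given packet.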