The second thing I was trying to do was prevent Winnuke attacks
on my customers (a few quake players have a problem with this -
I asked them to patch their systems but I still wanted to log the
attempts). That was the point of denying 139 to the /26 network.
I believe MZ may have answered the question with:
>> If they matched rule six it would stop parsing there
>> and never see rule 7 or 8..
I did not realize that packets were not processed by all rules.
Packet processing stops at the first rule that explicitly permits
or denies the packet in the filter?
The first couple rules deny all access to specific (insecure)
machines and block spoofing.
BTW: The quake guys love this PM-3. Lots of compliments.
Mark Radabaugh
mark@woodville.net
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.