Re: (PM) Shorter filter command

Kelley L. (redhat@cococo.net)
Mon, 23 Feb 1998 17:20:01 -0500 (EST)

On Mon, 23 Feb 1998, Stephen Fisher wrote:

>
> Here are sample rules to allow hosts in xxx to access ports 5000-5010 on a
> particular machine (and deny everything else):
>
> 1 permit xxx.xxx.xxx.0/24 10.1.1.1/32 gt 4999
> 2 permit xxx.xxx.xxx.0/24 10.1.1.1/32 lt 5011
> 3 deny
>
> Remember how rules are parsed - top to bottom.
>
> On Mon, Feb 23, 1998 at 10:20:22AM +0100, Philippe Duthoit wrote:
>
> > I want to allow telnets to ports 4000, 4001, 4005, 4101...99, 4201...99 and
> > 5001...5. When allowing 1 IP I must specify a rule for each port
>
> > 1 permit 123.123.123.123/32 200.200.200.200/32 tcp dest eq 4000-4299
> >
> > and can I issue this in pmconsole for wintendo machines?
>
>

I know this is probably an ignorant question, but in the above, the
first rule that matches takes effect immediately, right? If so, then rule
2 would never come into play, would it? If someone did

telnet xxx.xxx.xxx.xxx 5055

then it would pass rule 1 and be let through, wouldn't it? I am not trying
to argue anything here, just trying to understand how it all works.

later
Kelley

-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>
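The question above is easy to settle by running the rules through a first-match evaluator. The block below is an added example, not code from the thread or from Livingston; it models only the shape of the quoted rules ("permit|deny [src/len dst/len [gt|lt|eq port]]", first match wins, nothing matched means deny) and ignores protocol, so it says nothing about other PortMaster filter syntax or defaults. The 192.0.2.0/24 source network and the 192.0.2.7 / 198.51.100.9 test hosts are assumed stand-ins for the xxx.xxx.xxx.0/24 in the post. It also shows why rule 2 is not merely dead: with the rules as posted, a port below 5011 matches rule 2, so port 23 from that network is permitted as well.

```python
# Added example (not from the PortMaster thread): toy first-match evaluator
# for the rule shape quoted above. Assumptions: xxx.xxx.xxx.0/24 = 192.0.2.0/24,
# only "gt"/"lt"/"eq" port tests, no protocol field, implicit default deny.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                                   # "permit" or "deny"
    src: Optional[ipaddress.IPv4Network] = None   # None = any source
    dst: Optional[ipaddress.IPv4Network] = None   # None = any destination
    op: Optional[str] = None                      # "gt", "lt", "eq" or None = any port
    port: Optional[int] = None


def parse_rule(line: str) -> Rule:
    """Parse '<n> permit|deny [src dst [op port]]'; the leading number is ignored."""
    tok = line.split()
    action = tok[1]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in rule: {line!r}")
    if len(tok) == 2:                 # bare "deny" / "permit" matches everything
        return Rule(action)
    src = ipaddress.ip_network(tok[2], strict=False)
    dst = ipaddress.ip_network(tok[3], strict=False)
    if len(tok) == 4:                 # src/dst only, any port
        return Rule(action, src, dst)
    op, port = tok[4], int(tok[5])
    if op not in ("gt", "lt", "eq"):
        raise ValueError(f"unsupported port test {op!r} in {line!r}")
    return Rule(action, src, dst, op, port)


def matches(rule: Rule, src: str, dst: str, dport: int) -> bool:
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if rule.src is not None and s not in rule.src:
        return False
    if rule.dst is not None and d not in rule.dst:
        return False
    if rule.op is None:
        return True
    return {"gt": dport > rule.port,
            "lt": dport < rule.port,
            "eq": dport == rule.port}[rule.op]


def evaluate(rules: List[Rule], src: str, dst: str, dport: int) -> Tuple[str, Optional[int]]:
    """First matching rule wins; returns (action, 1-based rule number).
    Nothing matched -> ("deny", None), i.e. the implicit default deny."""
    for i, r in enumerate(rules, 1):
        if matches(r, src, dst, dport):
            return r.action, i
    return "deny", None


# The three rules as quoted in the thread (source network assumed = 192.0.2.0/24).
AS_POSTED = [parse_rule(l) for l in (
    "1 permit 192.0.2.0/24 10.1.1.1/32 gt 4999",
    "2 permit 192.0.2.0/24 10.1.1.1/32 lt 5011",
    "3 deny",
)]

# One way to get "only 5000-5010" with a single comparison per rule:
# deny the out-of-range ports first, then permit what is left for that pair.
FIXED = [parse_rule(l) for l in (
    "1 deny 192.0.2.0/24 10.1.1.1/32 lt 5000",
    "2 deny 192.0.2.0/24 10.1.1.1/32 gt 5010",
    "3 permit 192.0.2.0/24 10.1.1.1/32",
    "4 deny",
)]

if __name__ == "__main__":
    # Constructed probe traffic: same inside host, several destination ports.
    for port in (23, 5000, 5005, 5010, 5055):
        print(port,
              "as posted:", evaluate(AS_POSTED, "192.0.2.7", "10.1.1.1", port),
              "fixed:", evaluate(FIXED, "192.0.2.7", "10.1.1.1", port))
```

Running it shows port 5055 matching rule 1 ("permit") in the posted list, and port 23 matching rule 2, so the posted list permits every port from that network to 10.1.1.1; in the reordered list both are denied by the leading deny rules and only 5000-5010 reach the permit. The general habit this illustrates: in a first-match list, put the narrow denies before the broad permit, and never rely on a later rule to narrow an earlier one.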