On Mon, Feb 23, 1998 at 05:20:01PM -0500, Kelley L. wrote:
>
>
> On Mon, 23 Feb 1998, Stephen Fisher wrote:
>
> >
> > Here are sample rules to allow hosts in xxx to access ports 5000-5010 on a
> > particular machine (and deny everything else):
> >
> > 1 permit xxx.xxx.xxx.0/24 10.1.1.1/32 gt 4999
> > 2 permit xxx.xxx.xxx.0/24 10.1.1.1/32 lt 5011
> > 3 deny
> >
> > Remember how rules are parsed - top to bottom.
> >
> > On Mon, Feb 23, 1998 at 10:20:22AM +0100, Philippe Duthoit wrote:
> >
> > > I want to allow telnets to ports 4000 4001 4005 4101...99 4201..99 and
> > > 5001...5 when allowing 1 IP I must specify a rule for each port
> >
> > > 1 permit 123.123.123.123/32 200.200.200.200/32 tcp dest eq 4000-4299
> > >
> > > and can I issue this in pmconsole for wintendo machines
> >
> >
>
> I know this is probably an ignorant question, but in the above, the
> first rule that matches takes effect immediately, right? If so, then rule
> 2 would never come into play, would it? If someone did
>
> telnet xxx.xxx.xxx.xxx 5055
>
> then it would pass rule 1 and be let through, wouldn't it? I am not trying
> to argue anything here, just trying to understand how it all works.
>
> later
> Kelley
>
--
- Steve - Systems Manager - Community Internet Access, Inc. - Gallup and Grants, New Mexico
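The first-match question raised in this thread, worked through as an added example (not part of any poster's message and not Livingston's code): a small Python evaluator for a simplified form of the rule lines quoted above, assuming first-match-wins evaluation and an implicit final deny. 192.0.2.0/24 is a constructed stand-in for the masked xxx network, and the REORDERED rule set is a constructed alternative in this simplified syntax, not verified ComOS filter syntax.

```python
import ipaddress
import operator

OPS = {"gt": operator.gt, "lt": operator.lt, "eq": operator.eq}

def parse(text):
    """Parse lines of the form: <permit|deny> [src/len dst/len [gt|lt|eq port]]."""
    rules = []
    for line in text.strip().splitlines():
        f = line.split()
        rule = {"action": f[0], "src": None, "dst": None, "op": None, "port": None}
        if len(f) >= 3:
            rule["src"] = ipaddress.ip_network(f[1])
            rule["dst"] = ipaddress.ip_network(f[2])
        if len(f) >= 5:
            rule["op"], rule["port"] = f[3], int(f[4])
        rules.append(rule)
    return rules

def matches(rule, src, dst, dport):
    """A rule matches only if every field it specifies matches the packet."""
    if rule["src"] is not None and ipaddress.ip_address(src) not in rule["src"]:
        return False
    if rule["dst"] is not None and ipaddress.ip_address(dst) not in rule["dst"]:
        return False
    if rule["op"] is None:
        return True  # no port test, e.g. the bare "deny"
    return OPS[rule["op"]](dport, rule["port"])

def evaluate(rules, src, dst, dport):
    """Top to bottom, first match wins (assumed); returns (rule number, action)."""
    for n, rule in enumerate(rules, 1):
        if matches(rule, src, dst, dport):
            return n, rule["action"]
    return None, "deny"  # assumed implicit deny when nothing matches

# Rules as posted in the thread, with the constructed stand-in network.
AS_POSTED = """permit 192.0.2.0/24 10.1.1.1/32 gt 4999
permit 192.0.2.0/24 10.1.1.1/32 lt 5011
deny"""
# Constructed alternative: reject the low side first, then permit up to 5010.
REORDERED = """deny 192.0.2.0/24 10.1.1.1/32 lt 5000
permit 192.0.2.0/24 10.1.1.1/32 lt 5011
deny"""

def decisions(text, src="192.0.2.7", ports=(4000, 5000, 5010, 5011, 5055)):
    rules = parse(text)
    return {p: evaluate(rules, src, "10.1.1.1", p) for p in ports}

if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(name, decisions(text))
```

Under these assumptions the posted rules permit every destination port from the allowed network: rule 1 catches everything above 4999 and rule 2 catches everything else, so the final deny only applies to other sources.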