Forgot to type those in.. I do use them though.
> And even if it were there, this would permit connections to ALL ports!
> Any port over 4999 would see rule 1 and be permitted. Any port under 5000
> would not match and would see rule two - and being less than 5011 would
> be permitted! So all packets to 10.1.1.1/32 would be ok!
>
> I've done this sort of thing countless times.
>
> You want
> 1 deny x.x.x.0/24 10.1.1.1/32 dst gt 5010
> 2 permit x.x.x.0/24 10.1.1.1/32 dst gt 4999
> 3 deny
>
> Anything over 5010 is denied by rule 1, then anything over 4999 is
> permitted by rule two - but this has already been capped at 5010 by
> rule one. Then anything less than 5000 is denied.
True.. I stand corrected.. I wonder if that is what I had (I deleted the
filter and changed some things around the other day on the PM11) and how I
was testing it..
--
Steve - Systems Manager - Community Internet Access, Inc. - Gallup and Grants, New Mexico

To unsubscribe, email 'majordomo@livingston.com' with 'unsubscribe portmaster-users' in the body of the message.
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>
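
Added example, not part of the original messages: a small first-match evaluator that sweeps every destination port through both rule orderings discussed in the thread, which is a quick way to check a filter's boundaries before loading it. The `FLAWED` rules are an assumption reconstructed from the reply's description (the earlier filter is not shown), the implicit deny on no match is assumed, and the parser handles only the simplified rule form quoted above.

```python
OPS = {"gt": lambda p, n: p > n, "lt": lambda p, n: p < n}

# Corrected rules, as quoted in the thread.
CORRECTED = """\
deny x.x.x.0/24 10.1.1.1/32 dst gt 5010
permit x.x.x.0/24 10.1.1.1/32 dst gt 4999
deny
"""

# Assumption: the earlier rules are not shown in the thread; these are
# reconstructed from the reply's description of them.
FLAWED = """\
permit x.x.x.0/24 10.1.1.1/32 dst gt 4999
permit x.x.x.0/24 10.1.1.1/32 dst lt 5011
deny
"""

def parse(text):
    """Return (action, port_condition) pairs; addresses are ignored here."""
    rules = []
    for tok in filter(None, (line.split() for line in text.splitlines())):
        i = tok.index("dst") if "dst" in tok else None
        cond = (tok[i + 1], int(tok[i + 2])) if i is not None else None
        rules.append((tok[0], cond))
    return rules

def decide(rules, port):
    """First matching rule wins; no match falls through to deny (assumed)."""
    for action, cond in rules:
        if cond is None or OPS[cond[0]](port, cond[1]):
            return action
    return "deny"

def permitted_ranges(rules, lo=0, hi=65535):
    """Sweep every port and collapse the permitted ones into ranges."""
    ranges, start = [], None
    for port in range(lo, hi + 2):
        ok = port <= hi and decide(rules, port) == "permit"
        if ok and start is None:
            start = port
        elif not ok and start is not None:
            ranges.append((start, port - 1))
            start = None
    return ranges

if __name__ == "__main__":
    for name, text in (("flawed", FLAWED), ("corrected", CORRECTED)):
        print(name, permitted_ranges(parse(text)))
```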