Re: (PM) Shorter filter command (fwd)

Stephen Fisher (lithium@cia-g.com)
Wed, 25 Feb 1998 22:12:16 -0700

On Tue, Feb 24, 1998 at 05:37:15AM -0800, MegaZone wrote:
> >Here are sample rules to allow hosts in xxx to access ports 5000-5010 on a
> >particular machine (and deny everything else):
> >
> >1 permit xxx.xxx.xxx.0/24 10.1.1.1/32 gt 4999
> >2 permit xxx.xxx.xxx.0/24 10.1.1.1/32 lt 5011
> >3 deny
>
> First of all this is bogus - where is 'src' or 'dst' - a socket with no
> specifier should never be used. AFAIK behavior is undefined.

Forgot to type those in.. I do use them though.

> And even if it were there, this would permit connections to ALL ports!
> Any port over 4999 would see rule 1 and be permitted. Any port under 5000
> would not match and would see rule two - and being less than 5011 would
> be permitted! So all packets to 10.1.1.1/32 would be ok!
>
> I've done this sort of thing countless times.
>
> You want
> 1 deny x.x.x.0/24 10.1.1.1/32 dst gt 5010
> 2 permit x.x.x.0/24 10.1.1.1/32 dst gt 4999
> 3 deny
>
> Anything over 5010 is denied by rule 1, then anything over 4999 is
> permitted by rule two - but this has already been capped at 5010 by
> rule one. Then anything less than 5000 is denied.

True.. I stand corrected.. I wonder if that is what I had (I deleted the
filter and changed some things around the other day on the PM11) and how I
was testing it..

-- 
 - Steve
  - Systems Manager
  - Community Internet Access, Inc.
  - Gallup and Grants, New Mexico
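The first-match behaviour MegaZone walks through above, as an added example that is not part of the thread: a small Python evaluator (constructed, simplified rule tuples rather than real PortMaster syntax) run over both rule sets, showing that the two-permit version lets every port through while the deny-then-permit version admits only 5000-5010.

```python
# Added example (not from the original thread): first-match evaluator for a
# simplified port filter. Rules are constructed tuples (action, op, bound)
# where op is "gt", "lt" or None (None = bare permit/deny matching any port).
from typing import Iterable, List, Optional, Tuple

Rule = Tuple[str, Optional[str], Optional[int]]

def matches(op: Optional[str], bound: Optional[int], port: int) -> bool:
    """True if a rule with port test `op bound` matches `port`."""
    if op is None:
        return True                # bare rule: matches every port
    if op == "gt":
        return port > bound
    if op == "lt":
        return port < bound
    raise ValueError(f"unknown operator {op!r}")

def evaluate(rules: List[Rule], port: int) -> str:
    """First-match semantics: the first rule whose test succeeds decides.
    A port matching no rule falls through to an implicit final deny
    (assumption for this example)."""
    for action, op, bound in rules:
        if matches(op, bound, port):
            return action
    return "deny"

def permitted_ports(rules: List[Rule], ports: Iterable[int]) -> List[int]:
    return [p for p in ports if evaluate(rules, p) == "permit"]

# Quoted rule set: "gt 4999" and "lt 5011" are both permits and every port
# satisfies at least one of them, so the trailing deny is never reached.
BUGGY: List[Rule] = [("permit", "gt", 4999),
                     ("permit", "lt", 5011),
                     ("deny", None, None)]

# Corrected rule set from the reply: deny above 5010 first, then permit
# above 4999; anything below 5000 matches neither and hits the final deny.
FIXED: List[Rule] = [("deny", "gt", 5010),
                     ("permit", "gt", 4999),
                     ("deny", None, None)]

if __name__ == "__main__":
    sample = [22, 80, 4999, 5000, 5005, 5010, 5011, 65535]
    print("buggy permits:", permitted_ports(BUGGY, sample))  # all eight
    print("fixed permits:", permitted_ports(FIXED, sample))  # 5000, 5005, 5010
```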
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>