Hi,
Haven't done a lot of testing on this, but I was pretty concerned about what actually occurred.
I usually make my rules based on machine groups and service groups (to have a smaller rules list).
I made a service definition (called test) that said:
any any 0:65535 10000:65535
Then I added that definition into a service group (called test-service) with ident as well.
Then I added a rule that said:
any test-service test-servers allow.
What happened was that I made a rule that should have been allowing ident + 10000:65535 to the test servers. But what actually happened was that it made a rule that said any any testservers allow (when you look at iptables you will see that it has added any port instead of any type).
Meaning the rule had no effect.
It seems this problem happens when using "any" as type instead of tcp/udp/whatever.
Scary :(
Mail me for further info.
Brgds Espen
[ 10 July 2002, 23:50: Message edited by: Espen ]
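The failure mode described in the post, reconstructed as an added example; this is not code from the forum post or from the firewall tool Espen was using, and the function names, the chain/destination defaults and the sample rule lines are all constructed here. The point it shows is why a service definition with protocol "any" plus a port range is dangerous to translate mechanically: iptables only accepts `--sport`/`--dport` together with a port-bearing protocol (tcp, udp, and a few others), so a generator that maps "any" to `-p all` has nowhere to put the ports and silently drops them, producing an accept-everything rule. The fixed translation expands "any" into one rule per port-bearing protocol instead, and an audit function flags ACCEPT rules that carry no protocol or port restriction, which is the check worth running after every rule regeneration.

```python
"""Added example: naive vs. fixed translation of a 'any <ports>' service
definition into iptables rules, plus an audit for over-permissive ACCEPTs."""

# Protocols for which iptables accepts --sport/--dport (assumption: tcp and udp
# are the only ones the hypothetical service definitions ever need).
PORT_PROTOCOLS = ("tcp", "udp")


def service_rules_naive(proto, dport=None, chain="FORWARD", dst="10.0.0.0/24"):
    """Buggy translation (the behaviour the post describes).

    'any' becomes '-p all', and because '-p all --dport ...' is rejected by
    iptables the port match is silently dropped: the rule now allows everything.
    """
    rule = ["-A", chain, "-d", dst, "-p", "all" if proto == "any" else proto]
    if proto in PORT_PROTOCOLS and dport:
        rule += ["--dport", dport]
    return [rule + ["-j", "ACCEPT"]]


def service_rules_fixed(proto, dport=None, chain="FORWARD", dst="10.0.0.0/24"):
    """Correct translation.

    A port range with protocol 'any' means 'tcp or udp on those ports', so one
    rule per port-bearing protocol is emitted.  'any' with no ports is a
    genuine allow-all and keeps a single '-p all' rule.
    """
    if proto == "any" and not dport:
        return [["-A", chain, "-d", dst, "-p", "all", "-j", "ACCEPT"]]
    protos = PORT_PROTOCOLS if proto == "any" else (proto,)
    rules = []
    for p in protos:
        rule = ["-A", chain, "-d", dst, "-p", p]
        if p in PORT_PROTOCOLS and dport:
            rule += ["--dport", dport]
        rules.append(rule + ["-j", "ACCEPT"])
    return rules


def render(rules):
    """Turn argument lists into 'iptables -S' style lines."""
    return [" ".join(r) for r in rules]


def overly_permissive(rule_lines):
    """Return ACCEPT rules that match any protocol and carry no port or
    connection-state restriction.  'iptables -S' omits '-p' for 'all', so a
    missing '-p' is treated as 'all'."""
    flagged = []
    for line in rule_lines:
        tokens = line.split()
        if not tokens or tokens[0] != "-A" or "ACCEPT" not in tokens:
            continue
        proto = tokens[tokens.index("-p") + 1] if "-p" in tokens else "all"
        has_port = any(t.startswith(("--dport", "--sport")) for t in tokens)
        has_state = "--state" in tokens or "--ctstate" in tokens
        if proto == "all" and not has_port and not has_state:
            flagged.append(line)
    return flagged


# Constructed sample of what 'iptables -S FORWARD' might show after the
# buggy generator ran: line 3 is the accept-everything rule from the post.
SAMPLE_RULES = [
    "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A FORWARD -d 10.0.0.0/24 -p tcp --dport 113 -j ACCEPT",
    "-A FORWARD -d 10.0.0.0/24 -j ACCEPT",
    "-A FORWARD -d 10.0.0.0/24 -p udp --dport 10000:65535 -j ACCEPT",
]

if __name__ == "__main__":
    print("naive:", render(service_rules_naive("any", "10000:65535")))
    print("fixed:", render(service_rules_fixed("any", "10000:65535")))
    print("flagged:", overly_permissive(SAMPLE_RULES))
```

Running the audit over the naive generator's output flags its single rule, while the fixed generator's two rules pass; the same `overly_permissive` check can be pointed at the real `iptables -S` output of a firewall after a rule reload.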