This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What would be more intelligent?

should I include duplicate services in my service groups like:

(just an example)
{mail_services}:
-DNS
-POP3
-SMTP

{ftp_service}
-DNS
-FTP

OR

{mail_services}:
-POP3
-SMTP

{ftp_service}
-FTP

and a seperate rule allowing:
-DNS

My logic in duplicating the service (in this example DNS) is that when asl reads the rule for a user checking mail, asl has all it needs in that one rules as opposed to having to read a second rule to allow for DNS.

I know this is why service groups exist but what I'm wondering is if I should include services like DNS in all the service group that require it or have DNS as one 'standalone' rule?

This thread was automatically locked due to age.

Parents

0 lhe over 22 years ago

I am not sure if I understand what you are trying to do here.

My opinion is to avoid duplicating (every check takes cputime, right). Astaro works the way that it checks the packet with the first packet rule, then the next...

Let say you have a mail server and and ftp server in a DMZ. (If this is a "outgoing" rule, you probably want to add this rule to the whole DMZ network?)

Your "first" rule will be to allow DNS to the servers, then you add the spesific server rules.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 lhe over 22 years ago

I am not sure if I understand what you are trying to do here.

My opinion is to avoid duplicating (every check takes cputime, right). Astaro works the way that it checks the packet with the first packet rule, then the next...

Let say you have a mail server and and ftp server in a DMZ. (If this is a "outgoing" rule, you probably want to add this rule to the whole DMZ network?)

Your "first" rule will be to allow DNS to the servers, then you add the spesific server rules.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data