I have set up groups for network and services. There are those who are restricted and those who are un-restricted but controlled. I have put the rules in the packet filter in such a way that restricted has its allowed ports listed first, then a rule following that denies all else. Now here is where it gets strange: I have 2 generic rules that follow all my drops and rejects that allow only the un-restricted access to their group services. If I kill those rules, the restricted group loses all access. Anyone have any ideas? Here is the setup:
1 { Restricted } { Basic Allowed Services } Any Allow
2 { Restricted } LOCAL_ALL Any Reject
3 { Restricted } Streaming StreamAudio.com Reject
4 { Restricted } LOCAL_ALL HabboHotel Reject
5 { Restricted } Kazza Any Reject
6 { Restricted } Any Kazza4 Reject
7 { Restricted } Any Kazza3 Reject
8 { Restricted } Any Kazza2 Reject
9 { Restricted } Any Kazza1 Reject
10 { Restricted } LOCAL_ALL RadioStorm.com Reject
11 Any Any Broadcast32 Drop
12 Any Any Broadcast8 Drop
13 Any Any Broadcast8-2 Drop
14 TC Any Any Allow
15 DMZ_Network__ Any Any Allow
16 Any POP3 MailServer Allow
17 Any SMTP MailServer Allow
18 Any HTTP Server1 Allow
19 Any FTP Server1 Allow
20 Internal_Network__ Local Restricted 2 Any Allow
21 Internal_Network__ Local Restricted 1 Any Allow
22 { Un Restricted } Any Any Allow
23 Any PCAnywhere Server1 Allow
24 Any Mail PCanywhere MailServer Allow
I thought it should work, but it doesn't. I know I am missing something. The 2 internal network ones are the ones I have disabled, and it kills the restricted group access.