This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

rule problem

hi @ all

ive setup following rule and deffinition in FW:

network:

name = host.i.dont.like    ip: 123.123.345.  netmask /32

the rules :

from   host.i.dont.like to service any to server any  -> log reject.

so far so good.. but the host.i.dont.like is able to get a connection into the
internal network.

so why ? is that rule in wrong direction ? whats the magic i dont see ?

This thread was automatically locked due to age.

0 VelvetFog over 21 years ago

Try these filtering rules:

Internal_Network  Any  host.i.dont.like  Drop
host.i.dont.like Any  External_Interface  Drop
Cancel
Vote Up 0 Vote Down

Cancel
0 SecApp over 21 years ago in reply to VelvetFog

I think he's right; the Any targets don't work unless you specify an interface as a target. The explanation of this behavior given to me was "...that's the way iptables does it..."; but obviously an accomodation should be made, since many people using the firewall will not know that!
Cancel
Vote Up 0 Vote Down

Cancel
0 VelvetFog over 21 years ago in reply to SecApp

I am admittedly not a Linux guru, but I do suspect the IP filter limitation of requiring a specific filter target rather than using Any (0.0.0.0) in order for a filter to work properly, is a limitation in the open source iptables software that is being used, and is not caused by the ASL Webadmin code.

Iptables may have some shortcomings, but it is a far sight better than the older ipchains software that it replaced when Linux kernel v2.4 came out.
Cancel
Vote Up 0 Vote Down

Cancel