David, Arno's Firewall (AIF) automatically places the "Pass LAN->EXT" rules (if any) before the "Deny LAN->EXT" rules.
So, no ordering by the user is required. Lonnie On Jul 16, 2012, at 9:16 AM, David Kerr wrote: > When this is all implemented does it matter in what order the rules are > entered? For example if iptables comes across a deny that matches the > request does it keep on going through the table looking for a rule that might > never-the-less permit the request or does it stop -- in which case the rule > permitting the request would have to come first in the table? > > David > > On Mon, Jul 16, 2012 at 9:58 AM, Lonnie Abelbeck <[email protected]> > wrote: > > On Jul 16, 2012, at 2:53 AM, Michael Keuter wrote: > > > > > Am 16.07.2012 um 01:39 schrieb Lonnie Abelbeck: > > > >> David, > >> > >> With the general DNS block in place... > >> > >> LAN_INET_HOST_OPEN_UDP="192.168.1.99>0/0~53" > >> > >> will allow the internal 192.168.1.99 device to access any external DNS > >> server. > >> > >> Lonnie > >> > >> PS: In the web interface we don't support "Pass LAN->EXT" rules, since > >> that is the default policy and would seem confusing, but coupled with > >> "Deny LAN->EXT" it can be useful it seems. > > > > > > Yes, in some situations "Pass LAN->EXT" would be quite handy. > > > > Michael > > > > http://www.mksolutions.info > > Yes, it makes sense. > > I'll add both "Pass LAN->EXT" and "Pass DMZ->EXT" to the Firewall tab action > menu in the web interface. > > If we place them toward the bottom, after the Deny actions, it might make > more sense why they are useful and possibly be less confusing to new users. > > Lonnie > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Astlinux-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > [email protected]. > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. > http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________ > Astlinux-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > [email protected]. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
