https://bugs.contribs.org/show_bug.cgi?id=10760
--- Comment #14 from mab974 <[email protected]> ---
(In reply to Jean-Philippe Pialasse from comment #13)
> (In reply to mab974 from comment #12)
>
> clever approach to allow more than the selected services I proposed.
> I wait to see how you verify the service.
>
> the idea here was just to either block complete access as in initial version,
> or to only give access to selective country for some services.
>
The idea, starting from a general blockage of a certain number of countries, is
to treat some services differently by widening or reducing the number of
countries blocked. And doing that, REPLACING the starting general rule.
Can we give access to a service at this point ? Souldn't we take into account
other rules from other applications farther ?
> i do not see the need to add -m multiport ! --dports $locPorts to make some
> exceptions
these ports have just been treated above and do not have to be blocked (or
considered) here. Do they ?
>
> I would say, if the general rule prevent a country to access a specific
> service, I want it to apply: better to be be more restrictive there, than
> making holes. Security first.
Nevertheless, I am not a specialist and my vision may be wrong...
--
You are receiving this mail because:
You are the QA Contact for the bug.
_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
