The filters are invoked in the order listed. If you have any filters before this that would allow access, then you need to click and drag (assuming GBAdmin) this filter ahead of the other.
Mike Burden Lynk Systems http://www.lynk.com (616)532-4985 [EMAIL PROTECTED] > -----Original Message----- > From: Steve Leach [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, February 06, 2002 6:35 AM > To: [EMAIL PROTECTED] > Subject: [gb-users] Order Processing / Filters > > > I use a straightforward tunnel to open access to port 80 on a per IP > basis. > > So I have an alias for a range of addresses and then a tunnel > - example > for one like shown: > > Alias > ------- > nn EXTERNAL nnn.nnn.nnn.115 255.255.255.255 > > Filter > -------- > nn TCP nnn.nnn.nnn.115 80 yyy.yyy.yyy.115 > 80 filter > > This works a treat, and restricts the ports to just that > names (i.e. 80). > > However, I have been asked to block an address range for all port 80 > access, so I created an object as follows: > > 3 Blocked80_List - Addresses Blocked By Firewall > Index Type Beginning Ending > ----- ----- --------------- --------------- > 1 host nnn.nnn.nnn.nnn (bad guy) > > And I set this in the filters to prevent the blocked list > from access as > below - but it does not seem to have any effect. > > 9 #Blocked List Filter > Deny "EXTERNAL" ALL log > from "Blocked_List" > to "ANY_IP" > > What am I doing wrong? Any clues, or is the failure because > the tunnel is > processed in such a way that the filter is not invoked (order of > processing). > > Thanks in advance to the group for any help. > Long may the group continue - some invaluable stuff comes > through - even > though I may not be using the features (YET!). > > ============================================================== > ============ > ============= > FAO: Moderator - Would it be possible to have my old address > in the group > list [EMAIL PROTECTED] changed to this one [EMAIL PROTECTED]? > Thanks. > ============================================================== > ============ > ============= > > > Best Regards, > > Steve Leach > Network Manager > Miami International Limited > Eaglescliffe Logistics Centre > Durham Lane > Egglescliffe > URL: http://www.askalix.com > TEL: 01642 356205 > e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
