On Monday 05 February 2007 16:28, Olivier Debré wrote:
>
> Hello Bulk.
>
> Your ruleset looks hard to read to me, because I write rulesets exactly
> the other way around: pass rules, with keep state. In a few words, there
> are only block rules, and I can't find any 'later pass' rule. What flows
> do you want to allow instead? The 'allow that, block anything else'
> looks easier and safer than 'let's block Nmap scans, this, this and that
> identified threat'.
> How about:
> - identify ingress and egress allowed flows;
> - for each allowed flow, use two pass lines, one for each interface that
> the flow passes through;
> - use keep/modulate state;
No, it is block by default, but I think my question was maybe not clear enough. I did not include any pass rules or anything else because my question was about the sequence of processing rules. I'm trying to verify that it processes the rules from the top of the file down, and that if it runs into a matching rule with a quick, it should stop, regardless of any other later rules. I included the block rules to show how I had blocked a specific computer, which is only during certain hours. I just want to verify that yes, this should block traffic from .12, or no ...

_______________________________________________
Openbsd-newbies mailing list
[email protected]
http://mailman.theapt.org/listinfo/openbsd-newbies
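The evaluation order the thread is asking about (top of pf.conf down, last matching rule wins, a matching rule with `quick` ends evaluation on the spot) and the default-deny layout Olivier suggests, as an added example that is not part of the thread: a small Python model of pf's documented rule evaluation. The interface name em0, the addresses, the ".12" host and both rulesets are constructed for illustration and are not the poster's real pf.conf; the model ignores state tracking (`keep state`/`modulate state`), tables and anchors.

```python
"""Toy model of pf rule evaluation (added example, not from the thread).

Models two documented pf semantics:
  * rules are evaluated top to bottom and the LAST matching rule wins;
  * a matching rule carrying 'quick' ends evaluation immediately.
Interface name, addresses and rulesets are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out"
    iface: str
    proto: str          # "tcp", "udp", "icmp"
    src: str
    dst: str
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    quick: bool = False
    direction: Optional[str] = None  # None = either direction
    iface: Optional[str] = None      # None = any interface
    proto: Optional[str] = None
    src: Optional[str] = None        # CIDR, None = any
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.direction and self.direction != p.direction:
            return False
        if self.iface and self.iface != p.iface:
            return False
        if self.proto and self.proto != p.proto:
            return False
        if self.src and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """Return (verdict, index of the deciding rule).

    Last match wins unless a matching rule has 'quick'. If nothing matches,
    pf passes the packet (there is no implicit block), which is why a
    default-deny ruleset starts with 'block all'."""
    decided = None
    for i, r in enumerate(rules):
        if r.matches(p):
            decided = (r.action, i)
            if r.quick:          # 'quick': stop here, later rules are ignored
                break
    return decided if decided else ("pass", None)


# Ruleset A: a specific host blocked up front, a broader pass rule later.
# 'quick' on rule 0 is what keeps the later pass rule from overriding it.
BLOCKLIST_STYLE = [
    Rule("block", quick=True, direction="in", src="192.168.1.12/32"),
    Rule("pass", direction="in", proto="tcp", src="192.168.1.0/24", dport=80),
]

# Same two rules without 'quick': rule 1 now matches last and wins for .12.
BLOCKLIST_NO_QUICK = [
    Rule("block", direction="in", src="192.168.1.12/32"),
    Rule("pass", direction="in", proto="tcp", src="192.168.1.0/24", dport=80),
]

# Ruleset B: default deny. 'block all' first, then one pass line per allowed
# flow and interface; anything not listed falls back to rule 0.
DEFAULT_DENY = [
    Rule("block"),
    Rule("pass", direction="in", iface="em0", proto="tcp", dport=22),
    Rule("pass", direction="out", iface="em0", proto="tcp", dport=443),
]

# Constructed sample packets.
DOT12_HTTP = Packet("in", "em0", "tcp", "192.168.1.12", "10.0.0.5", 80)
DOT20_HTTP = Packet("in", "em0", "tcp", "192.168.1.20", "10.0.0.5", 80)
SSH_IN = Packet("in", "em0", "tcp", "203.0.113.9", "10.0.0.5", 22)
TELNET_IN = Packet("in", "em0", "tcp", "203.0.113.9", "10.0.0.5", 23)

if __name__ == "__main__":
    for name, rules in (("A quick", BLOCKLIST_STYLE), ("A no quick", BLOCKLIST_NO_QUICK)):
        print(name, evaluate(rules, DOT12_HTTP), evaluate(rules, DOT20_HTTP))
    for p in (SSH_IN, TELNET_IN):
        print("B port", p.dport, evaluate(DEFAULT_DENY, p))
```

Running it shows the two things the thread turns on: in ruleset A the `.12` packet is decided by rule 0 only while that rule carries `quick`; drop `quick` and the later `pass` matches last and wins. In ruleset B an unlisted flow (telnet) is decided by the leading `block` because no later pass line matches it. On a real system `pfctl -vnf /etc/pf.conf` parses the file and prints the rules in the order they will be evaluated, which is the quickest way to confirm where a `quick` rule sits relative to the rules below it.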
