Duhhh...(slap forehead) Your right, I have a rule # 5 allow http to my mail server (which I need for web-based email like HotMail & Yahoo) My Denys are 12-15. I switched it to the specific internal IP and changed the service from * to HTTP and viola! Now my Deny is #1
Thanks! Chris PS: Hope everyone has updated their AV Defs, new "party" virus came out this morning. At 11:46 AM 01/28/2002 -0600, you wrote: > Is the rule to allow port 80 to your web server above the deny * rule >that you setup to block that subnet? The way Sonicwall prioritizes or >orders their rules is from the bottom up. So if you have a Deny sitting at >rule number 50, that encompasses a broad range, such as you describe, and >an allow rule that is specific to a service or 1 ip that is sitting at rule >number 25, then the rule 25 will override rule 50. Which lets all traffic >come in to port 80 on one specific server.. > > A workaround is to deny that block to that specific IP, or even further >down to the port on your web server. You need to get the rule denying what >you want to deny ABOVE your Allow to port 80 on your web server. > >Hope me and my runon sentences make sense :) --- [This E-mail scanned for viruses by Declude/F-Prot Virus] =================================================================================================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
