Re: Complex ruleset questions (IPFilter forums, System Security and Security Related category)
Thus spake Thomas Quinot (thomas@cuivre.fr.eu.org) [27/06/03 13:30]:
> Does this work? ipfilter is not supposed to support multiple heads for
> the same group, AFAIK.

As I found out /moments/ after I sent this (and followed-up to the list), no it doesn't. When I composed the message, the ruleset wasn't in a form that it could be tested. I cleaned it up, and found out that this is indeed true. My master plan would fail. :(

> > block in log on {rl0,rl1} from any to any head 20
> > <service-specific forwards here>
>
> skip 2 in on rl0 from any to any
> skip 1 in on rl1 from any to any
> skip 1 in from any to any
> block in log from any to any head 20

Hmmmm.... It'll work in theory, but I have a large number of rules in between the two things, and it seems a little fragile. It's better than specifying the allow rules twice, but means that any rule insertions between the 'skip' rules and the 'head' rule will break the skips. :(
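The fragility described in the post can be caught before a ruleset is loaded. The following is an added example, not code from the thread or from the IPFilter project: a file-level check that resolves where each `skip` rule lands and reports any that no longer land where intended. It assumes one rule per line and that `skip N` steps over the next N rule lines in file order; the function names and the inserted `pass` rule are constructed for illustration.

```python
import re

SKIP_RE = re.compile(r"^skip\s+(\d+)\s")
HEAD = "block in log from any to any head 20"
INSERTED = "pass in quick proto tcp from any to any port = 22"  # constructed rule

# The four rules quoted in the post.
QUOTED = """\
skip 2 in on rl0 from any to any
skip 1 in on rl1 from any to any
skip 1 in from any to any
block in log from any to any head 20
"""

# Intended landing rule for each skip rule (None = steps past the head rule).
EXPECTED = {
    "skip 2 in on rl0 from any to any": HEAD,
    "skip 1 in on rl1 from any to any": HEAD,
    "skip 1 in from any to any": None,
}

def load_rules(text):
    """Return rule lines in order, dropping blank lines and '#' comments."""
    stripped = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [line for line in stripped if line]

def landing_rule(rules, i):
    """Rule evaluated next when skip rule i matches (None = past the end)."""
    j = i + int(SKIP_RE.match(rules[i]).group(1)) + 1
    return rules[j] if j < len(rules) else None

def misdirected(rules, expected):
    """List (skip rule, actual landing rule) where the landing differs from expected."""
    bad = []
    for i, rule in enumerate(rules):
        if SKIP_RE.match(rule) and rule in expected:
            got = landing_rule(rules, i)
            if got != expected[rule]:
                bad.append((rule, got))
    return bad

def with_insert(rules, new_rule, before):
    """Copy of rules with new_rule placed directly ahead of the rule 'before'."""
    k = rules.index(before)
    return rules[:k] + [new_rule] + rules[k:]

if __name__ == "__main__":
    rules = load_rules(QUOTED)
    print("as quoted:", misdirected(rules, EXPECTED))
    for rule, got in misdirected(with_insert(rules, INSERTED, HEAD), EXPECTED):
        print(f"BROKEN: {rule!r} now lands on {got!r}")
```

With one rule inserted ahead of the head rule, both interface-specific skips land on the inserted rule and the catch-all skip lands on the head rule it was meant to step over.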