10.4: Reorder the list of firewall rules
Authored by: cdss on May 08, '06 01:57:57PM

Either I'm being particularly obtuse, or I fail to see the purpose of this hint. Perhaps someone better and smarter than me can explain the logic.



10.4: Reorder the list of firewall rules
Authored by: sjk on May 08, '06 06:03:52PM

Maybe the purpose is for inexperienced users to unnecessarily risk messing up firewall preferences? ;-)

Seriously, most people won't have a good reason to do this. I think it belongs in the hypothetical "just because you can doesn't mean you should" hint category.



10.4: Reorder the list of firewall rules
Authored by: hbp4c on May 09, '06 07:26:48AM

Actually, sometimes you want a specific rule to come before another rule in advanced firewall configurations.

Firewall rules are generally executed starting with rule number 1, and continuing until a matching rule is found.

For example, let's say you want three rules: access to port 80 (for a web service) from any host, block all other ports to any host, but leave open port 22 (for remote login/ssh) from your home network.

If the rules are set up like this:
1- allow port 80 from all
2- deny all ports from all
3- allow port 22 from your favorite home machine
then what will happen is you'll not be able to ssh from your home machine, because rule #2 explicitly denies all connections before rule 3 is evaluated.

Therefore, reordering the rules so that #3 above comes before #2, allows ssh connections.



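The first-match behaviour hbp4c describes, as an added example that is not part of the original thread: a small Python evaluator that walks numbered rules in order and stops at the first match, run once over the misordered set and once over the reordered set. The home network 192.0.2.0/24, the sample source addresses and the default-deny fallback for unmatched traffic are assumptions made for this toy model.

```python
"""Added example (not from the hint or its comments): first-match
firewall rule evaluation, to show why rule order matters."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    number: int
    action: str           # "allow" or "deny"
    port: Optional[int]   # None means any port
    src: str              # CIDR network or "any"

    def matches(self, src_ip: str, port: int) -> bool:
        if self.port is not None and self.port != port:
            return False
        if self.src == "any":
            return True
        return ip_address(src_ip) in ip_network(self.src, strict=False)


def evaluate(rules: List[Rule], src_ip: str, port: int) -> Tuple[str, Optional[int]]:
    """Return (action, rule number) of the first rule that matches.
    Rules are checked in ascending number order, as the comment describes.
    Unmatched traffic is denied by default (assumption for this model)."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(src_ip, port):
            return rule.action, rule.number
    return "deny", None


HOME = "192.0.2.0/24"  # constructed home network (documentation range)

# The ordering from the comment: the catch-all deny sits before the ssh rule
MISORDERED = [
    Rule(1, "allow", 80, "any"),
    Rule(2, "deny", None, "any"),
    Rule(3, "allow", 22, HOME),
]

# Same three rules with the ssh rule moved ahead of the catch-all deny
REORDERED = [
    Rule(1, "allow", 80, "any"),
    Rule(2, "allow", 22, HOME),
    Rule(3, "deny", None, "any"),
]

if __name__ == "__main__":
    for name, ruleset in (("misordered", MISORDERED), ("reordered", REORDERED)):
        print(name, "ssh from home:", evaluate(ruleset, "192.0.2.10", 22))
        print(name, "ssh from elsewhere:", evaluate(ruleset, "198.51.100.7", 22))
        print(name, "http from elsewhere:", evaluate(ruleset, "198.51.100.7", 80))
```

With the misordered set, ssh from the home machine stops at rule 2 (deny) and rule 3 is never reached; after reordering it matches the allow rule, while ssh from outside the home network is still denied.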