
10.4: Reorder the list of firewall rules
Authored by: hbp4c on May 09, '06 07:26:48AM

Actually, sometimes you want a specific rule to come before another rule in advanced firewall configurations.

Firewall rules are generally executed starting with rule number 1, and continuing until a matching rule is found.

For example, let's say you want three rules: access to port 80 (for a web service) from any host, block all other ports from any host, but leave open port 22 (for remote login/ssh) from your home network.

If the rules are set up like this:
1- allow port 80 from all
2- deny all ports from all
3- allow port 22 from your favorite home machine
then what will happen is you'll not be able to ssh from your home machine, because rule #2 explicitly denies all connections before rule 3 is evaluated.

Therefore, reordering the rules so that #3 above comes before #2 allows ssh connections.

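As an added illustration of the first-match behaviour described in the comment above (example code, not from the original post), the following Python simulates rule evaluation over the three rules in both orders and flags any rule that an earlier rule shadows, which is the check an administrator would want before trusting a rule set. The home network 192.168.1.0/24 and the outside address 203.0.113.5 are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    number: int            # position in the rule list; lower numbers are checked first
    action: str            # "allow" or "deny"
    port: Optional[int]    # destination port, or None for any port
    src: str               # source network in CIDR form; "0.0.0.0/0" means any host

    def matches(self, src_ip: str, dst_port: int) -> bool:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return in_net and (self.port is None or self.port == dst_port)

def evaluate(rules: List[Rule], src_ip: str, dst_port: int,
             default: str = "allow") -> Tuple[str, Optional[int]]:
    """First-match evaluation: walk rules in ascending number and stop at the
    first rule that matches; return its action and number (or the default)."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(src_ip, dst_port):
            return rule.action, rule.number
    return default, None

def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Return the numbers of rules that can never fire because an earlier rule
    already matches every packet they would match (the trap in the wrong order)."""
    ordered = sorted(rules, key=lambda r: r.number)
    shadowed = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            covers_net = ipaddress.ip_network(later.src).subnet_of(
                ipaddress.ip_network(earlier.src))
            covers_port = earlier.port is None or earlier.port == later.port
            if covers_net and covers_port:
                shadowed.append(later.number)
                break
    return shadowed

HOME = "192.168.1.0/24"   # constructed sample home network
# The order from the comment: the deny-all rule sits before the ssh rule.
WRONG_ORDER = [Rule(1, "allow", 80, "0.0.0.0/0"),
               Rule(2, "deny", None, "0.0.0.0/0"),
               Rule(3, "allow", 22, HOME)]
# The corrected order: the ssh rule is moved ahead of the deny-all rule.
RIGHT_ORDER = [Rule(1, "allow", 80, "0.0.0.0/0"),
               Rule(2, "allow", 22, HOME),
               Rule(3, "deny", None, "0.0.0.0/0")]
```

Running `evaluate(WRONG_ORDER, "192.168.1.10", 22)` stops at the deny rule, while `shadowed_rules(WRONG_ORDER)` reports rule 3 as unreachable; the corrected list yields no shadowed rules.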