Rick, I initially attempted to set up one firewall this way, but I found
that it was stopping at the first line that matched the permit-hosts
entry.

Are you sure about this?

David Lang

 On Tue, 2 Oct 2001, Rick Murphy wrote:

> Date: Tue, 02 Oct 2001 09:21:06 -0400
> From: Rick Murphy <[EMAIL PROTECTED]>
> To: scheidt <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> Subject: Re: netperm-table line too long
>
> At 03:10 PM 10/2/2001 +0200, scheidt wrote:
> >Rick Murphy wrote:
> > >
> > > At 10:36 AM 10/2/2001 +0200, scheidt wrote:
> > > >Hello,
> > > >
> > > >What is the maximum line length for netperm-table in TIS fwtk v.2.1 ?
> > > >I got the message:
> > > >
> > > >"http-gw[301]: fwtkcfgerr: /usr/local/etc/netperm-table line 40 too long"
> > >
> > > UTSL - the BUFSIZ define determines the maximum line size.
> > > You can easily fix that by editing fwtk/lib/config.c.
> > > Why is your line 40 so long? There may be an alternative way to express it;
> > > for example, multiple "permit-host" lines versus one very long one.
> > >          -Rick
> >
> >it is a very long option -dest{pattern[pattern..]}
> >which AFAIK must fit on a single line.
> >Does anyone have any suggestions? Thanks.
> >
> >E.Scheidt
>
> something-gw: permit-hosts source -dest {a, b, c, d, e}
> something-gw: permit-hosts source -dest {f, g, h, i, j}
> and so forth. Each one of the permit lines will be searched looking for a
> matching destination (either permit or deny.) Put the permits first, then
> the denies.
>          -Rick
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>