On Tue, 2002-10-29 at 21:46, [EMAIL PROTECTED] wrote:
> Hello ALL:
>
> First thanks for a nice ipfilter software.
>
> Then here is the question I have:
>
> What is the difference between putting these two lines below first in the
> ipf.conf file or last?
>
>
> block in on hme0
> block out on hme0
>
> Also my OS is Solaris8 on sparc.
>
> Thanks,
>
> C-
>
>

Hi, this question is a bit open, but I suppose you want to know how IPFilter handles different rules which match one packet (maybe on one interface).
If you put "block in on hme0" at the top of ipf.conf, IPFilter will remember "block everything on hme0" and go through the other rules. If it finds another rule which matches the packet and tells it to accept it, IPF will change its opinion. In short: IPF goes from the top to the bottom and reads every rule. If you do not use the "quick" option, it will do what the latest rule which matched suggested. Example:

pass in on ppp0 all
block in on ppp0 all

Now it will block every packet on ppp0. So if you want to block everything on this interface and just allow a few services, I'd suggest you put the rule at the top. There is another solution with the "quick" keyword, but I don't want to explain this too. Please have a look at the nice HowTo.

Best regards,
Matthias

PS: I hope I answered what you wanted to know ;)
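The last-match and "quick" behaviour described in the reply above, as an added example that is not part of the original message and is not IPFilter code. It is a simplified model: the rule subset it parses, the sample rulesets, the packets, and the pass-by-default fallback (a build without IPFILTER_DEFAULT_BLOCK) are assumptions made for illustration.

```python
# Simplified model of IPFilter rule evaluation; NOT IPFilter's own parser.
# Understands only: <block|pass> <in|out> [quick] on <iface>
#                   (all | proto tcp from any to any port = N)
DEFAULT_ACTION = "pass"  # assumption: build without IPFILTER_DEFAULT_BLOCK

def parse_rule(line):
    tok = line.split()
    rule = {"action": tok[0], "dir": tok[1], "quick": "quick" in tok,
            "iface": tok[tok.index("on") + 1], "port": None}
    if "port" in tok:
        rule["port"] = int(tok[tok.index("port") + 2])  # skip the "="
    return rule

def matches(rule, pkt):
    return (rule["dir"] == pkt["dir"] and rule["iface"] == pkt["iface"]
            and rule["port"] in (None, pkt["dport"]))

def evaluate(ruleset, pkt):
    """Return (decision, deciding rule) for one packet."""
    decision, decider = DEFAULT_ACTION, "(default)"
    for line in ruleset.strip().splitlines():
        rule = parse_rule(line)
        if matches(rule, pkt):
            decision, decider = rule["action"], line.strip()  # last match wins
            if rule["quick"]:
                break  # "quick" ends evaluation at this rule
    return decision, decider

# Constructed rulesets: the same two rules in both orders, then with "quick".
BLOCK_FIRST = """
block in on hme0 all
pass in on hme0 proto tcp from any to any port = 22
"""
BLOCK_LAST = """
pass in on hme0 proto tcp from any to any port = 22
block in on hme0 all
"""
QUICK_PASS = """
pass in quick on hme0 proto tcp from any to any port = 22
block in on hme0 all
"""
# Constructed packets: inbound TCP to port 22 and to port 23 on hme0.
SSH = {"dir": "in", "iface": "hme0", "dport": 22}
TELNET = {"dir": "in", "iface": "hme0", "dport": 23}

if __name__ == "__main__":
    for name in ("BLOCK_FIRST", "BLOCK_LAST", "QUICK_PASS"):
        for pkt in (SSH, TELNET):
            print(name, pkt["dport"], *evaluate(globals()[name], pkt))
```

With the block rule last and no "quick", the port 22 packet is blocked even though a pass rule matched it earlier; the block-first ordering and the "quick" ordering both let it through and still block port 23.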
