On Thu, Jun 11, 1998 at 01:22:35PM -0700, Joachim Feise wrote:
> Bill Eldridge wrote: 
> 
> >   Order matters, so if you deny everything first, then the rules never meet the
> > allow clauses later.  As my first guess.
> 
> That is not quite right, actually, it is wrong.
> For security reasons, you always should deny everything first, and subsequently

Well, you are both right.  You have a default policy you can set, 
which should be set to deny; something like:

ipfwadm -I -p deny

You can then set whatever policies you want and the last one you set is 
another deny policy; so that you can log what is being denied.  i.e. 

ipfwadm -I -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o

-- 
Andrew L. Davis                                 Network Operations
[EMAIL PROTECTED]                               ViperLink International
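
The ordering point discussed in this thread, as an added example that is not part of the original messages and is not ipfwadm's own code: a simplified first-match model showing a deny-all rule placed first, the same rule placed last with logging (the -o flag above), and a default deny policy on its own. The rule fields, the evaluate() helper and all addresses are constructed for illustration, and the model assumes the default policy itself does not log.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str        # "accept" or "deny"
    src: str           # source network in CIDR form (-S)
    dst: str           # destination network in CIDR form (-D)
    log: bool = False  # models the -o flag: log packets that match this rule

def evaluate(rules, default_policy, src, dst):
    """Return (action, logged, index of matching rule or None) for one packet.

    The first matching rule decides; the default policy (-p) applies only
    when no rule matches, and in this model it never logs.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, rule in enumerate(rules):
        if s in ipaddress.ip_network(rule.src) and d in ipaddress.ip_network(rule.dst):
            return rule.action, rule.log, i
    return default_policy, False, None

ANY = "0.0.0.0/0"
# Constructed sample rules using RFC 5737 documentation addresses.
ALLOW_WEB = Rule("accept", "198.51.100.0/24", "192.0.2.10/32")
DENY_ALL_LOGGED = Rule("deny", ANY, ANY, log=True)

# Deny-all appended first: it shadows every allow rule behind it.
deny_first = [DENY_ALL_LOGGED, ALLOW_WEB]
# Allow rules first, logging catch-all deny last (the layout suggested above).
deny_last = [ALLOW_WEB, DENY_ALL_LOGGED]
# Default deny policy alone: unwanted traffic is dropped but leaves no log entry.
policy_only = [ALLOW_WEB]

if __name__ == "__main__":
    layouts = [("deny_first", deny_first), ("deny_last", deny_last),
               ("policy_only", policy_only)]
    for name, rules in layouts:
        for src in ("198.51.100.7", "203.0.113.9"):
            print(name, src, evaluate(rules, "deny", src, "192.0.2.10"))
```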