 From:  DevAuto <devauto at gmail dot com>
 To:  Thomas Juice <testfirewall at hotmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Order of the Rules
 Date:  Thu, 17 Feb 2005 10:42:16 -0500
The rules, as I understand them, are processed sequentially, starting
with the first one and ending with the last one. If a rule fires on
allowed traffic for a given interface, no further processing of rules
will occur with regard to that packet on that interface. This can be
tested by setting up a rule to allow traffic over an interface, then
following it with an identical rule to block the same traffic over the
same interface, and what you will see is the traffic will continue to
traverse that interface. If a deny rule for ICMP, for example, is
above an allow rule for ICMP, then the allow ICMP rule will never see
the traffic and vice versa.

Hope this helps.


On Thu, 17 Feb 2005 14:09:54 +0100, Thomas Juice
<testfirewall at hotmail dot com> wrote:
> Hello
> My question is, what is the order of the rules?
> What I mean is, in which order does the firewall process the rules?
> The last or the first rules of the interface?
> I did some tests but I don't have an answer.
> Thanks
> Greets
> Thomas

Failure is not an option ... it comes bundled with your Micro$oft solution!
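
The first-match behaviour described in the reply above, as an added example that is not part of the original message and is not m0n0wall code. It is a simplified model: the `Rule` fields, the function names and the sample ruleset are hypothetical, and it flags rules that can never fire because an earlier rule on the same interface already matches all of their traffic.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "block"
    iface: str    # interface the rule is attached to
    proto: str    # "icmp", "tcp", "udp" or "any"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    return (earlier.iface == later.iface
            and earlier.proto in ("any", later.proto)
            and ip_network(later.src).subnet_of(ip_network(earlier.src))
            and ip_network(later.dst).subnet_of(ip_network(earlier.dst)))

def decide(rules, iface, proto, src, dst, default="block"):
    """First-match evaluation: the first matching rule decides, later rules are skipped."""
    for r in rules:
        if (r.iface == iface and r.proto in ("any", proto)
                and ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)):
            return r.action
    return default  # assumption: traffic that matches no rule is blocked

def shadowed(rules):
    """Return (earlier_index, later_index) pairs where the later rule can never fire."""
    return [(i, j) for j, later in enumerate(rules)
            for i, earlier in enumerate(rules[:j]) if covers(earlier, later)]

# Constructed ruleset (hypothetical): rule 1 repeats rule 0 with the opposite
# action, and rule 3 is a narrower block placed after a broader pass.
RULES = [
    Rule("block", "LAN", "icmp", "192.168.1.0/24", "0.0.0.0/0"),
    Rule("pass",  "LAN", "icmp", "192.168.1.0/24", "0.0.0.0/0"),
    Rule("pass",  "LAN", "any",  "192.168.1.0/24", "0.0.0.0/0"),
    Rule("block", "LAN", "tcp",  "192.168.1.50/32", "0.0.0.0/0"),
]

if __name__ == "__main__":
    for i, j in shadowed(RULES):
        print(f"rule {j} ({RULES[j].action} {RULES[j].proto}) is shadowed by rule {i}")
```

A shadowed block rule, such as rule 3 here, is the case worth reviewing first, because the traffic it was meant to stop is already passed by the earlier rule.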