[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] quick and easy
Hi Garry, Yes and No. The order of the rules is important. The packet drops into the list of rules, starting with rule 0 (= properties, etc.). Now the packet will be compared with the first rule. No match? -> Comparisation with the second an so forth. If a rule matches, the packet is treated as defined in the rule. As far as I know this procedure is not true for authentication rules. But I'm not really sure. Your solution would be: you have to add rule B before rule A. robert On Tue, 31 Oct 2000, Garry Armour wrote: > > > > Hi all, > > Jus a quick question, > > Scenario : Want to block a troublesome user from internet :-) > > I have a network object created for my internal users (10.32.1.0 255.255.255.0) > setup with allow http & https. Call it rule A > > I know the address I want to block so can I simply create an obect for this > address and use Deny. ? Call it rule B > > My understanding of things is that if there is a rule allowing access then it > supercedes any other rule that may block access above or below it. Is this > correct ? > > So if I put Rule B above or below Rule A will the address still be allowed to > communicate ? > > ps. There is no authentication of user at the firewall. > > > Thanks in advance, > Garry > > > > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ > ---------------------------------------- Robert Binder IT-Security Consultant Integralis, Niederlassung München Gutenbergstr. 1 D-85737 Ismaning Tel: +49-89-94573-235 Fax: +49-89-94573-119 http://www.integralis.de/ A member of the Articon-Integralis Group ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|