About F19 Firewall

Thomas Woerner twoerner at redhat.com
Tue Sep 24 16:07:49 UTC 2013


On 09/24/2013 05:15 PM, P J P wrote:
>    Hello Thomas,
>
> ----- Original Message -----
>> From: Thomas Woerner <twoerner at redhat.com>
>> Subject: Re: About F19 Firewall
>> You have to make sure where you are adding new rules. Here is a simple
>> example where you want to drop everything from 192.168.1.18:
>>
>> If you do it wrong if could end up like this (output of iptables -S):
>>
>> -A INPUT -s 192.168.1.0/24 -j ACCEPT
>> -A INPUT -s 192.168.1.18 -j DROP
>> -A INPUT -j REJECT
>
>
>     Yes, I know about the ordering issue. But that is fairly reasonable, intuitive and straightforward to understand.
>
O.k., then please provide a program that places (user supplied) rules at 
the proper position in an (user supplied) rule set in that way that it 
will always result in the (user) expected behaviour without further 
modifications. BTW: This is not limited to source addresses only, but 
also port ranges and ports, matches, logging, ..

I am looking forward to get this solution.

>
> ---
> Regards
>     -Prasad
> http://feedmug.com
>

Regards,
Thomas


More information about the devel mailing list