Hello all, I have a question regarding Jetico event processing order. As far as I can understand, when an event occurs, Jetico begins searching the different tables in the root table, top to bottom, until it finds a suitable rule. Now, first of all, I'll be glad to know if that is indeed the case. Second, should it prove to be the case, is the default order of the tables (Application Table -> System IP Table -> Protocols Table -> Process Attack Table) the "correct" one? Thanks in advance, Adam.
I have been trying to produce a chart that shows how the conditional rules/rules processing work, and how they branch off to the sub-rules, but the chart was getting too big, and I was not sure if it would make things clearer or not, so I have given up on it for now (until I have more time available).