the order of rules

Discussion in 'LnS English Forum' started by nuser, May 31, 2007.

Thread Status:
Not open for further replies.
  1. nuser

    nuser Registered Member

    Joined:
    May 31, 2007
    Posts:
    105
    Location:
    Singapore
    Hi, Climenole,

    For internet rules:
    Suppose I have a rule: block port 100
    then I add another rule: allow port>99
    In this case, is port 100 still blocked or opened again by the 2nd rule?

    thank in advance.
     
  2. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi nuser :)

    Still blocked.

    Like any rule set firewall the position of a rule is important:

    When a packet is examined by the firewall, it starts with the first rule in the list until it finds a rule matching the packet, then applies this rule to the packet and finishes.


    Each rule is an equivalent of a Universal proposition in mathematical logic:

    criteria 1 AND criteria 2 AND criteria 3 ...

    and the list of the rule looks like this in the primitive form:

    Rule #1 Allow A XOR Rule #2 Block all Non-A

    In a list of more than 2 primitive rules (which are developed into more specific rules) you have exactly the same things:

    A rule is applied to a packet if this packet matches all criteria of the rule; if not, the next rule is checked and the procedure continues until the FW finds a matching rule. There is ONE and ONLY ONE rule applied. And in any rule set it's mandatory to have a final rule to block all.

    If you block port 100 you can't unblock it with a following rule...

    :)
     
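A minimal first-match evaluator, added here as an example and not taken from the forum post or from Look 'n' Stop itself, that models the ordering behaviour Climenole describes; the Rule class, the rule names and the sample ports are assumptions for illustration.

```python
# Added example (not from the forum post): a minimal first-match rule
# evaluator. The Rule class, rule names and sample ports are assumptions.
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class Rule:
    name: str
    action: str                    # "allow" or "block"
    match: Callable[[int], bool]   # criteria on the packet's destination port


def evaluate(rules: List[Rule], port: int) -> Tuple[str, str]:
    """Walk the list top to bottom; the first matching rule decides.

    Returns (action, rule_name). A trailing block-all rule guarantees
    that every packet matches something, as the post recommends."""
    for rule in rules:
        if rule.match(port):
            return rule.action, rule.name
    raise ValueError("no rule matched: rule set lacks a final block-all rule")


# Rule order from the question: block port 100, then allow ports > 99,
# then the mandatory block-all at the end.
RULES_AS_ASKED = [
    Rule("block port 100", "block", lambda p: p == 100),
    Rule("allow ports > 99", "allow", lambda p: p > 99),
    Rule("block all", "block", lambda p: True),
]

# Same rules with the first two swapped: the broad allow rule now comes
# first and shadows the specific block, so port 100 is let through.
RULES_SWAPPED = [RULES_AS_ASKED[1], RULES_AS_ASKED[0], RULES_AS_ASKED[2]]

if __name__ == "__main__":
    for port in (80, 100, 443):
        print(port, evaluate(RULES_AS_ASKED, port), evaluate(RULES_SWAPPED, port))
```

Port 100 is blocked in the order asked about and allowed once the two rules are swapped, which is why a specific block must sit above any broader allow.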
  3. nuser

    nuser Registered Member

    Joined:
    May 31, 2007
    Posts:
    105
    Location:
    Singapore
    Hi, Climenole,
    If I change the 4th column (the yellow arrow) to a dot, which means that the following rule (allow ports >99) will be matched continually, will port 100 still be blocked?
     