Hi, In the rule of 'udp broadcasting', there are 2 masks (0.0.0.255) on the 'source' side. UDP broadcasting sends messages to 255.255.255.255. My questions: (1) why 2 masks on the source side? (2) If I leave 'source' blank and change 'destination' to 255.255.255.255, can I get the same effect? thanks in advance.
It is not two masks, the first value is the value to be compared with, the second value is the mask to be applied before doing the comparison. In other words the test is comparing: (PacketToBeTested AND Value2) with Value1. If you look at the rule allowing file sharing, you will see the first value is 192.168.0.0 and the second one is 255.255.0.0. So, it allows all IP starting with 192.168, whatever the 2 last numbers. Yes, the effect won't be the same. The current rule is blocking incoming packets with a 255 at the end of the destination address. The one you are proposing would block the PC sending packets to an IP address ending with 255.
thanks, Frederic (1) If I set a rule with 'inbounding & outbounding' direction, is there any difference when I put the Local machine on the 'source' or the 'destination' side? (2) In the attached figure, the 'destination' is 'ALL'. But I think it's actually 'my local machine'. So, is there any difference if I change 'ALL' to 'Equal My@". (3) What's the usage of 'Not Mask". Could you plz give a simple example?
Yes, it makes a difference. The local machine address is on the left side, since this address is in source when packet are sent from the PC to internet (PC>>Internet) and this address is a destination when a packet is received (Internet >> PC). The left side is actually the local address. The right side is the remote address, so it should stay at All. If you want to allow everything but not the local network, you would use: 192.168.0.0 255.255.0.0 and Not Mask. (not sure this example is a realistic one, and "Not Mask" is not so frequent to be used). Frederic
Frederic, thanks a lot, let me make my questions clear: in the attached picture: label 1: Source is PC>>NET However: Label 2 Destination is ALSO PC>>NET Confused with the same directions of source and destination. Label 3: As you mentioned "The left side is actually the local address. The right side is the remote address, so it should stay at All." But: My local machine's IP will NEVER be a *.*.*.255 So, can this rule catch anything?
"Label 1" is in IP group "Source is PC>>NET..." is another different group. Same thing, Label 2 is in "TCP Flag" group which is different from "PC>>NET...". Yes it can, since this is a broadcast address. Frederic
thanks, Frederic, just to clarify Are you indicating that the 'local address' doesn't means 'my local machine"? for example: my local machine's ip is: 192.168.3.3 the 'local address' can be anything in 192.168.*.*? If so, how can LnS installed on my pc filter traffic of other machine? A similar question has been asked in the topic "ALL = Equl my @". would appreciate if you can take a look. thanks in advance.
