(ASCEND) Q: SC Firewall rules that allow a Proctocol for all exept one

To: ascend-users@bungi.com
Subject: (ASCEND) Q: SC Firewall rules that allow a Proctocol for all exept one
From: "Hartmut Schroeder" <hacko@mms.de>
Date: Mon, 6 Dec 1999 12:33:05 +0100
Priority: normal
Reply-to: hacko@mms.de
Sender: owner-ascend-users@max.bungi.com

Hi,
while playing with the SC Firewalls I'm having a little
Trouble defineing the following:

Say you want to pass a given Protocol (like Telnet) so
you click on the Protocol and enable it.
Say you want all Internetmashines are allowed to do it so
you would say "*" in the remotehost section (as example).

What would you define if you want to exclude a given Host/Net
(a Hacker) from this?

There seem to be no way to give exclude Rules. If you can enable
a Protocol you may define only allow lists.
You may put a given Host/Net onto the "Restriced Sites"-List but
this would exclude him from ALL not only one Protocol.
There also seem no Way to Sort Rules so that one more specific
Rule is perferred over a less specific Rule.


Currendly the only Way seem to forget that Idea and take normal
(static) Filterrules OR writing a Programm that calculates all Subnets
that should be included exept the one I want to miss.
Is that realistic? Had somebody done this? Are there other Ways doing this?

Regards H.Schroeder


Hartmut Schroeder             MMS Communication AG
mailto:hacko@mms.de           Eiffestrasse 598
http://www.mms.de/~hacko      20537 Hamburg, Germany
Phone: +49 40 211105-40       Fax: +49 40 210 32 210
UTM 32U0569835 5934083 WGS84
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: (ASCEND) Pipeline NAT port mapping (was Pipeline 50 and NAT)
Next by Date: (ASCEND) RE:
Prev by thread: (ASCEND) Pipeline NAT port mapping (was Pipeline 50 and NAT)
Next by thread: (ASCEND) RE:
Index(es):
- Date
- Thread