Hello,
I need to define some custom firewall rules so I referenced the predefined rules.
Frequently, I need to
- Allow requests matching certain criteria
- Block all unmatching requests
Whereas for (1) one can specify each specific criterion individually, how about (2)? (2) is essentially “everything other than (1)”, so there are
- Numerous types of protocols
- Numerous possible sources, destinations and ports.
How can they all be included with a single rule?
With this question I looked at some predefined rules, and found they seem all to use
- Protocol “IP”
- Direction “In/Out”
to define the scope of all remaining types of communication.
So what does “IP” here refer to? Does it mean Internet Protocol (http://en.wikipedia.org/wiki/Internet_Protocol), which is a superset of protocols including {TCP, UDP, ICMP, etc.}? Does using this protocol mean “for all remaining types of communications”?
And what is the priority of rules? If I define rule (1) followed by (2), is it like a case statement in C:
switch (type)
{
    case 1:         /* rule (1): requests matching the specified criteria */
        statement;  /* placeholder for the rule's action */
        break;
    case 2:         /* rule (2): everything else */
        statement;
        break;
}
When (1) and (2) are mutually exclusive, changing order makes no difference. But in case they have a non-empty intersection:
- (1)∩(2)≠∅
- (1)⊂(2) or (2)⊂(1)
Does a different order of rules produce a different result?
And regarding the “IP” protocol, since it is all-inclusive (probably), is it like
switch (type)
{
    ...
    default:        /* the all-inclusive “IP” rule: whatever no earlier case matched */
        statement;  /* placeholder for the rule's action */
        break;
}
in the C language?
Jim
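An added illustration (not part of Jim's post, and not the code or documented behaviour of any particular firewall) of the two questions above. It is a toy model that assumes rules are evaluated top to bottom with the first match deciding, and that protocol “IP” matches any IP-carried traffic (TCP, UDP, ICMP, ...); under those assumptions, swapping (1) and (2) only changes the outcome when the rules overlap, and an “IP” / “In/Out” / any-address rule placed last plays the role of C's default:.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Toy model of first-match firewall rule evaluation. Assumptions (not
# taken from the post or any vendor's documentation): rules are checked
# top to bottom and the first matching rule decides; protocol "IP" means
# "any traffic carried over IP" (TCP, UDP, ICMP, ...), so one "IP",
# "In/Out", any-address rule covers everything the earlier rules left.


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    protocol: str               # "TCP", "UDP", "ICMP" or "IP" (any)
    direction: str              # "In", "Out" or "In/Out" (either)
    dst_net: str                # destination network in CIDR form
    dst_ports: Optional[range]  # destination ports; None = any / no port

    def matches(self, pkt: dict) -> bool:
        if self.protocol != "IP" and self.protocol != pkt["protocol"]:
            return False
        if self.direction != "In/Out" and self.direction != pkt["direction"]:
            return False
        if ip_address(pkt["dst"]) not in ip_network(self.dst_net):
            return False
        if self.dst_ports is not None and pkt.get("dport") not in self.dst_ports:
            return False
        return True


def decide(rules: list, pkt: dict) -> tuple:
    """Return (action, index of the deciding rule); the first match wins.
    If nothing matches, report ("no match", None) so the caller can see
    the rule set has a gap instead of relying on a silent implicit default."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "no match", None


# Constructed rules: ALLOW_HTTPS is a subset of BLOCK_ALL, so order matters.
ALLOW_HTTPS = Rule("allow", "TCP", "Out", "192.168.1.0/24", range(443, 444))
ALLOW_DNS = Rule("allow", "UDP", "Out", "0.0.0.0/0", range(53, 54))
BLOCK_ALL = Rule("block", "IP", "In/Out", "0.0.0.0/0", None)  # the catch-all

# Constructed sample packets.
HTTPS_OUT = {"protocol": "TCP", "direction": "Out", "dst": "192.168.1.10", "dport": 443}
PING_OUT = {"protocol": "ICMP", "direction": "Out", "dst": "192.168.1.10"}

if __name__ == "__main__":
    print(decide([ALLOW_HTTPS, BLOCK_ALL], HTTPS_OUT))  # ('allow', 0)
    print(decide([BLOCK_ALL, ALLOW_HTTPS], HTTPS_OUT))  # ('block', 0)
    print(decide([ALLOW_HTTPS, BLOCK_ALL], PING_OUT))   # ('block', 1)
```

ALLOW_HTTPS and ALLOW_DNS are disjoint (TCP versus UDP), so swapping those two never changes the verdict; only the overlapping pair is order-sensitive.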