
Re: iptables/firewall brainstorming



Thomas Woerner wrote:
> Please think of a scenario like this: Service A is adding
> firewall rules for opening port 20 and 21 (ftp-data and ftp) for
> everyone and service B is opening port 20 and 21 only for a specific
> network segment. What do you want to have here? If you apply A's rules
> first then 20 and 21 are open for everyone and the rules from B are not
> used at all. But if you apply B's rules first, ... What is the right
> ordering here? Should A or B win?

A and B will collide anyway when they try to listen on the same ports. I don't 
see why it's important to make the packet filter rules coexist when the 
daemons won't.

Björn Persson
