[Firehol-support] ACK RST on rejected services

Rich forums at artfulrobot.uk
Fri Mar 13 09:24:56 GMT 2015


Hi Costa,

On 12/03/15 16:06, Tsaousis, Costa wrote:
>> ✓ Implicit Reject: Logged in IN chain only, client times out
> The client should not timeout, but rejected.
> Are you sure the client timed out?

You're right, sorry. I think that was a typo.


>> ✗/✓ Implicit Accept; Implicit accept for particular service: no log, client rejected - but this is not a supported configuration anyway.
> I don't get this test.

My bad again, sorry. I strayed a bit far in testing combinations! I 
think I was trying to test the default accept but reject a particular 
port set-up. I did not get the expected results, but then I recall 
reading on the firehol website that firehol is designed for the "deny 
everything, then allow what you want" plan and cannot be used the other 
way around. Recalling this (rightly or wrongly), I wasn't surprised it 
didn't work, and I didn't really care anyway because I can't think of 
any use-cases for that, so I didn't worry. Before landing on firehol I 
read a lot of other firewalls' websites, so I may have mis-remembered 
that, AND, testing this morning, implicit accept, explicit reject does 
work as expected anyway, so please ignore and sorry for taking up your time!

Until the next time (which will probably be when I try to get my OpenVPN 
server to route to other LAN hosts...),

Rich




