[Firehol-support] ACK RST on rejected services

Rich forums at artfulrobot.uk
Fri Mar 13 09:24:56 GMT 2015

Hi Costa,

On 12/03/15 16:06, Tsaousis, Costa wrote:
>> ✓ Implicit Reject: Logged in IN chain only, client times out
> The client should not timeout, but rejected.
> Are you sure the client timed out?

You're right, sorry I think that was a typo.

> ✗/✓ Implicit Accept; Implicit accept for particular service: no log, client rejected - but this is not a supported configuration anyway.
> I don't get this test.

My bad again, sorry. I strayed a bit far in testing combinations! I 
think I was trying to test the default accept but reject a particular 
port set-up. I did not get the expected results, but then I recall 
reading on the firehol website that firehol is designed for the "deny 
everything, then allow what you want" plan and cannot be used the other 
way around. Recalling this (rightly or wrongly), I wasn't surprised it 
didn't work, and I didn't really care anyway because I can't think of 
any use-cases for that, so I didn't worry. Before landing on firehol I 
read a lot of other firewalls' websites, so I may have mis-remembered 
that, AND, testing this morning, implicit accept, explicit reject does 
work as expected anyway, so please ignore and sorry for taking up your time!

Until the next time (which will probably be when I try to get my OpenVPN 
server to route to other LAN hosts...),


More information about the Firehol-support mailing list