[Firehol-support] ACK RST on rejected services

Tsaousis, Costa costa at tsaousis.gr
Fri Mar 13 09:27:04 GMT 2015


ok. Thanks again!

On Fri, Mar 13, 2015 at 11:24 AM, Rich <forums at artfulrobot.uk> wrote:
> Hi Costa,
>
> On 12/03/15 16:06, Tsaousis, Costa wrote:
>>>
>>> ✓ Implicit Reject: Logged in IN chain only, client times out
>>
>> The client should not time out, but be rejected.
>> Are you sure the client timed out?
>
>
> You're right, sorry I think that was a typo.
>
>
>> ✗/✓ Implicit Accept; Implicit accept for particular service: no log,
>> client rejected - but this is not a supported configuration anyway.
>> I don't get this test.
>
>
> My bad again, sorry. I strayed a bit far in testing combinations! I think I
> was trying to test the default accept but reject a particular port set-up. I
> did not get the expected results, but then I recall reading on the firehol
> website that firehol is designed for the "deny everything, then allow what
> you want" plan and cannot be used the other way around. Recalling this
> (rightly or wrongly), I wasn't surprised it didn't work, and I didn't really
> care anyway because I can't think of any use-cases for that, so I didn't
> worry. Before landing on firehol I read a lot of other firewalls' websites,
> so I may have mis-remembered that, AND, testing this morning, implicit
> accept, explicit reject does work as expected anyway, so please ignore and
> sorry for taking up your time!
>
> Until the next time (which will probably be when I try to get my OpenVPN
> server to route to other LAN hosts...),
>
> Rich
>
>


