Firewall rule with no protocol specified?

If I have a rule specified like this:

7 X chain=fwd_from_INET dst-address=10.5.254.11 protocol=tcp dst-port=80 action=accept

8 X chain=fwd_from_INET dst-address=10.5.254.11 dst-port=80 action=accept

9 chain=fwd_from_INET dst-address=10.5.254.11 dst-port=112 action=drop

When I enable 7, it has no influence on rule 9, but if I enable 8, rule 9 is ignored; all traffic goes to tcp 10.5.254.11:112 without problems.

Why is that? Rule 8 without protocol specification passes through much more than port 112?

Thanks

Ports only have any meaning when you specify either TCP or UDP. Your rules 8 & 9 are illegal. You have to specify a protocol if you intend to specify a port.

Regards

Andrew

You have to set protocol if you want to use dst-port.
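
An added example, not from the posters or from MikroTik: a small Python check that scans printed rules like those in the question and flags any rule that matches on a port without protocol=tcp or protocol=udp, which is the condition both replies describe. The rule text is a constructed sample copied from the question; the function names and the inclusion of src-port alongside dst-port are assumptions.

```python
import re

# Assumption, following the replies: only tcp and udp are port-bearing.
PORT_PROTOCOLS = {"tcp", "udp"}
PORT_MATCHERS = ("dst-port", "src-port")

# Constructed sample: the three rules from the question, in print format.
SAMPLE = """\
7 X chain=fwd_from_INET dst-address=10.5.254.11 protocol=tcp dst-port=80 action=accept
8 X chain=fwd_from_INET dst-address=10.5.254.11 dst-port=80 action=accept
9 chain=fwd_from_INET dst-address=10.5.254.11 dst-port=112 action=drop
"""

# Rule number, optional single-letter flags (X = disabled), then properties.
RULE_RE = re.compile(r"^\s*(\d+)\s+((?:[A-Z]\s+)*)(.*)$")


def parse_rule(line):
    """Split one printed rule into (number, flags, {property: value})."""
    m = RULE_RE.match(line)
    if not m:
        return None
    number, flags, rest = m.groups()
    props = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    return int(number), flags.split(), props


def audit(text):
    """Return findings for rules that match on a port without tcp/udp."""
    findings = []
    for line in text.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue  # skip headers, blank lines, comments
        number, flags, props = parsed
        used = [k for k in PORT_MATCHERS if k in props]
        proto = props.get("protocol")
        if used and proto not in PORT_PROTOCOLS:
            findings.append({
                "rule": number,
                "disabled": "X" in flags,
                "action": props.get("action"),
                "problem": f"{'/'.join(used)} set but protocol={proto or 'unset'}",
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run over the question's rules, it reports rules 8 and 9 and leaves rule 7 alone; the `disabled` field shows which of the flagged rules is currently live.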