Rules priority and processing basics



  • With regard to blocking a protocol, such as ICMP. I read in the forum where it was advised to put the "block all" rule first (above or at the top). Then I read in the documentation Firewall Rules Basics: "Firewall rules are processed from the top down, and the first match wins." So if put in a rule to block all ICMP but still want to allow a few users to use ICMP. What is the order I should put the "allow icmp for 'range or single host' " and "block all ICMP"? Who goes above who? To satisfy the documentation, It "makes sense" for me to put the allow above the block all which goes against what I'm reading in the forum.

    BTW what is the difference between block and reject?
    tnx



  • Create rules to allow access to your services, what is not listed in rules will be blocked.

    deny just drop the package, reject drop and returns an error response to client.



  • But as an Internet Provider to other users, I have to start with an allow rule. Which, BTW, is at the bottom of my rule set. But I no problem implementing a block all ICMP rule for most users to prevent DOS attacks. So right now I have an allow all rule as the last entry, and then a block all ICMP for most users above the allow all, and the allow some ICMP above the block all ICMP. Is that the order these need to be in?



  • @makesense:

    Is that the order these need to be in?

    yes. :)

    Remember to reset state table(shortcut on dashboard) while testing rule combination.


Log in to reply