NFR Wizards Archive: Re: meaning of "both" in a filte

Re: meaning of "both" in a filter statement


Joseph S. D. Yao (jsdycospo.osis.gov)
Tue, 28 Jul 1998 13:44:46 -0400 (EDT)


> My question is this. On some firewalls the interface spec also includes (besides terms for inside, outside, 3rd) a
> term "both." That means apply the permit/deny on traffic appearing at both inside (trusted) and outside (internet) interfaces.
>
> This at first glance seems absurd. It means that traffic going to D from S can move in either direction across the FW. A very unusual arrangement with almost no uses. Obviously there must be a more reasonable explanation.
>
> Has anyone found an explanation for what "both" really does?

Hal,

The distinction is between "can" and "may". Obviously, the IP "can"
not go either way. But the file is saying that it "may".

This makes much more sense when using rules with wild cards. E.g.,
deny e-mail in or out to and from all IP addresses on "both"
interfaces, or allow Quake in and out to and from all IP addresses on
"both" interfaces. ;-}

Capish?

--
Joe Yao				jsdycospo.osis.gov - Joseph S. D. Yao
COSPO Computer Support						EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
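
The wildcard reading of "both" described in the message above, as an added example that is not part of the original post and is not the syntax of any particular firewall: a hypothetical first-match rule model in which a rule's interface field is "inside", "outside" or "both", checked against the interface a packet arrived on. The rule fields, addresses and port numbers are constructed for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"    # wildcard: every IPv4 address
GAME_PORT = 26000    # constructed sample port standing in for the game service

@dataclass(frozen=True)
class Rule:               # hypothetical rule model, not a product's format
    action: str           # "permit" or "deny"
    iface: str            # "inside", "outside" or "both"
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    dport: int

@dataclass(frozen=True)
class Packet:
    arrived_on: str       # interface the firewall received the packet on
    src: str
    dst: str
    dport: int

def rule_matches(rule, pkt):
    # "both" permits the rule to apply wherever the packet shows up.
    iface_ok = rule.iface == "both" or rule.iface == pkt.arrived_on
    return (iface_ok and rule.dport == pkt.dport
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst))

def decide(rules, pkt, default="deny"):
    """First matching rule wins; unmatched traffic gets the default."""
    return next((r.action for r in rules if rule_matches(r, pkt)), default)

def expand_both(rules):
    """Rewrite each "both" rule as one inside rule plus one outside rule."""
    return [replace(r, iface=i) for r in rules
            for i in (("inside", "outside") if r.iface == "both" else (r.iface,))]

# Constructed policy: two wildcard rules on "both", one inside-only rule.
POLICY = [Rule("permit", "both", ANY, ANY, GAME_PORT),
          Rule("deny", "both", ANY, ANY, 25),
          Rule("permit", "inside", "10.0.0.0/8", ANY, 80)]

# Constructed sample traffic.
SAMPLE_PACKETS = [Packet("inside", "10.1.2.3", "192.0.2.10", GAME_PORT),
                  Packet("outside", "198.51.100.7", "10.1.2.3", GAME_PORT),
                  Packet("outside", "198.51.100.7", "10.1.2.3", 25),
                  Packet("inside", "10.1.2.3", "192.0.2.10", 80),
                  Packet("outside", "198.51.100.7", "10.1.2.3", 80)]

def verdicts(rules):
    return [decide(rules, p) for p in SAMPLE_PACKETS]
```

The last sample packet is the contrast case: the port 80 rule names only the inside interface, so the same service arriving on the outside interface falls through to the default.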



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:39 CDT