dslreports logo

Critical. The right rule in the wrong order is useless. It may never even be looked at. For example, if you "deny all traffic to or from remote port 53" in a rule, and put a rule below that to "allow all to or from remote port 53 on 192.168.1.1 only," the traffic will be denied. Tiny sees the generic deny BEFORE the specific allow, so it never processes the later rule. It finds a match. It applies the rule that matches and stops. Game over.

021102-798


Expand got feedback?

by gwion See Profile edited by JMGullett See Profile
last modified: 2007-05-08 12:16:53