How important is the rule order? Security | DSLReports.com, ISP Information

This Section

Introduction: The bullet list...
Useful Tiny and Kerio links and resources
How does Tiny PFW parse and process my rules?
How do I move a rule in Kerio?
How important is the rule order?
Why are my logs empty? Why doesn't Kerio alert me to this particular traffic?
What ICMP types should I allow, and how do I deal with ICMP in general?
Trick: Make Kerio find my ISP's DHCP server for me...
How do I allow DNS?
Default rule handling
How do I allow DHCP?
Trick: find out what an app is doing using Tiny
What is a custom address range?
Can we discuss a full ruleset?
Initial setup: Microsoft Network
Starting out
Current status and news
What other basics will I need?
Should I use a password?
Fatal Application Exit - BufferAllocate

How important is the rule order?

Critical. The right rule in the wrong order is useless. It may never even be looked at. For example, if you "deny all traffic to or from remote port 53" in a rule, and put a rule below that to "allow all to or from remote port 53 on 192.168.1.1 only," the traffic will be denied. Tiny sees the generic deny BEFORE the specific allow, so it never processes the later rule. It finds a match. It applies the rule that matches and stops. Game over.

021102-798

got feedback?

by gwion edited by JMGullett
last modified: 2007-05-08 12:16:53

All FAQs » Security » 2.5.1. Kerio and pre-v3.0 Tiny PFW

How important is the rule order?