Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Ordering the rules
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Ordering the rules - 5.Feb.2004 3:16:00 PM
|
|
|
Persing
Posts: 40
Joined: 31.Jan.2004
Status: offline
|
In the documentation it says that the order of the rules is very important, but there is no detailed explaination of the "rule for rules". My general approach is to place the deny rules first, then the allow rules, then the publishing rules, followed by the default deny rule last. Are there any tips or tricks to follow in ordering the rules?
|
|
|
|
|
RE: Ordering the rules - 5.Feb.2004 4:23:00 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Pete,
That is definitely one way to do it. However, the best way to implement firewall policy is to have no deny rules. Instead, you allow access only to required resources to the appropriate uses. If there is no allow rule, then access is denied.
However, there are situations where you can see conflicts, such as a user belongs to one group that has access and another group that is not allowed access. In cases such as these, its good to put the deny above the allow, otherwise the allow will be processed first.
HTH,
Tom
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
