I've had a security breach from the net on my site and wanted to put some filters on my Ascend unit (MAX200+). I'm having trouble nailing down the logic of these filters.

"Philosophy A": I have been told that if you do a bunch of "YES" or "pass" filters you need a "NO" or "block" filter at the end of the list to "seal things off". Likewise, if you have a bunch of "NO" filters or "block" filters you need a "YES" or "pass" filter at the end of the list to let things through.

"Philosophy B": I've also been told that (as in subject #12 of the nealis ascend-faq) "Data filters will examine packets and drop (or forward) matching entries, depending on filter construction."

"Philosophy C": "follow the logic, draw a picture" (from Ascend site)... kind of vague; do they mean step by step?

These filter philosophies seem kind of sketchy (to me) and I was wondering if someone had some "C pseudocode" that would show their logic explicitly.

For example, filters on WAN, incoming, philosophy "C" (step by step?), mail and www: These are "YES" or "pass" filters, #1 mail and #2 www. "YES" filter = forward matching packets... Two packets come in back-to-back: mail delivery (port 25), then web server request (port 80):

mail-packet hits the 1st filter (mail) and passes. Next, mail hits the www filter and doesn't match, so it doesn't pass... bye bye mail packet, gone to /dev/null.

www-packet hits the 1st filter (mail) and doesn't match, so it doesn't pass... bye bye www-packet, gone to /dev/null.

Now I know someone is sure to point out that the filters don't work that way. OK. How do they work? Step by step. I have examples... it's the principles behind the examples I'm missing. I believe these filters must be logically OR'ed together somehow in a stepwise fashion; I would just like some clear explanation as to how.
Something like:

set up the "finished filters":
  All forward=NO (block) filters are OR'ed and the result is stored in BLOCK_OR
  All forward=YES (pass) filters are OR'ed and the result is stored in PASS_OR

apply the "finished filters":
  packet OR'ed against BLOCK_OR == TRUE: discard packet at once.
  packet OR'ed against PASS_OR == TRUE: forward packet.

I'm not sure if this logic is sound, or if it is how the filters work, but it is an attempt to demonstrate the level of understanding I'm looking for. Thanks for your help.

--
Henry Hollenberg
speed@barney.iamerica.net

++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <<A HREF="http://www.nealis.net/ascend/faq">http://www.nealis.net/ascend/faq</A>>
</PRE>
</BODY>
</HTML>
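The stepwise evaluation the post asks for, as an added C example that is not from the original post or from Ascend: it assumes the model implied by "Philosophy A", namely that entries are tried in list order, the first matching entry alone decides whether the packet is forwarded or dropped, and a trailing catch-all entry supplies the default; the rule and packet structs, the port numbers and the implicit drop-when-nothing-matches default are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model, not Ascend's code: an ordered filter list where the
 * first matching entry decides the packet and later entries are never
 * consulted. A trailing catch-all supplies the default, which is why a
 * list of pass filters ends with a block and vice versa ("Philosophy A"). */
enum action { BLOCK = 0, PASS = 1 };

struct rule {
    bool match_any;      /* true = catch-all entry, matches every packet */
    uint8_t proto;       /* IP protocol number (6 = TCP) */
    uint16_t dst_port;   /* destination port to match */
    enum action act;     /* forward=YES (PASS) or forward=NO (BLOCK) */
};
struct packet { uint8_t proto; uint16_t dst_port; };

static bool rule_matches(const struct rule *r, const struct packet *p)
{
    return r->match_any ||
           (r->proto == p->proto && r->dst_port == p->dst_port);
}

/* Walk the list top to bottom and stop at the first match. If nothing
 * matches (a list with no catch-all), assume the packet is dropped. */
enum action filter_packet(const struct rule *rules, size_t n,
                          const struct packet *p)
{
    for (size_t i = 0; i < n; i++)
        if (rule_matches(&rules[i], p))
            return rules[i].act;
    return BLOCK;
}

/* The post's WAN-inbound list: #1 pass mail, #2 pass www, then a block
 * entry to seal things off. A port-25 packet matches #1 and is forwarded
 * at once; it is never tested against the www entry. */
static const struct rule inbound[] = {
    { false, 6, 25, PASS },
    { false, 6, 80, PASS },
    { true,  0,  0, BLOCK },
};

enum action check_inbound(uint8_t proto, uint16_t dst_port)
{
    struct packet p = { proto, dst_port };
    return filter_packet(inbound, sizeof inbound / sizeof inbound[0], &p);
}
```

Under this model both the mail and the www packet are forwarded, because each stops at the first entry that matches it, and everything else (telnet on port 23, UDP to port 80) is caught by the trailing block entry.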