20 Sep
2001
20 Sep
'01
06:14
It's very important to put the deny-line before the allow-line. I've tested it with denying .gif and it only worked having the order first deny and then allow.
Of course, first rule it hits that matches it applies. Ditto for most systems. Some systems like IPF OTOH runs packets through all rules and whatever the last action on the packet was is taken. Not to many ways to skin the proverbial cat. Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/security/