> > Has anyone found an explanation for what "both" really does?
>
> Hal,
>
> The distinction is between "can" and "may". Obviously, the IP "can"
> not go either way. But the file is saying that it "may".
>
> Hu?

I can kick my kids [physically capable]. I may not [not permissible].
The connection from the firewall to a specific IP address can only go
through one of the N (N >= 2) interfaces. But the file is saying that,
whichever of those interfaces allows that connection, the connection
MAY [is allowed to be] made.
The file only gives permissions. It does not speak to physical
capabilities or connection realities.

> This makes much more sense when using rules with wild cards. E.g.,
> deny e-mail in or out to and from all IP addresses on "both"
> interfaces, or allow Quake in and out to and from all IP addresses on
> "both" interfaces. ;-}
>
> Capish?
>
> An unusual use and maybe spurious Capisci?

The specific examples, yes. The form, absolutely not. As a more
specific use, if I want to have 'ping's or MTU discovery go through the
firewall transparently, I may need to enable those ICMP services
to/from all IP addresses on "both" interfaces.
--
Joe Yao jsdy_at_cospo.osis.gov - Joseph S. D. Yao
COSPO Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
Received on Aug 02 1998