Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: lists.freeswan.org > design > 03 > 020032.html (Request Expert lists.freeswan.org Support)

Re: [Design] Bad doc pointer?

From: Michael Richardson <mcr(at)cyphermail.sandelman.ottawa.on.ca>
Date: Sun Feb 16 2003 - 15:42:57 EST


-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Hugh" == Hugh Daniel <hugh@road.toad.com> writes:

    Hugh> I also note that there is no RCSID tag in the     Hugh> policies/block file.

  Fixed.

    Hugh> I also read this:

    Hugh> # This file defines the set of CIDRs (network/mask-length) to which     Hugh> # communication should never be allowed. 

    Hugh>   and I guess I can't use FQDN's here?  I was not sure quite what was
    Hugh> not allowed, so I read the doc file referenced (once I found it) and
    Hugh> found this:

  You can not use FQDNs. They may no sense here. 

    Hugh> """
    Hugh>    block
    Hugh>           Block listed IP addresses from communicating with this machine.
    Hugh> """

    Hugh>   So maybe the IP address (not CIDR?) can't send packets to me but I
    Hugh> can send packets to it? To deal with this confusion I used to call     Hugh> this policy blockdrop.

  Yeah, the sense is wrong. The file says the right thing:

# This file defines the set of CIDRs (network/mask-length) to which # communication should never be allowed.

Do you need help?X

    Hugh> I can't find anything in the man pages on what the default policy     Hugh> groups do.

  Claudia? 

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] 
mcr(at)sandelman.ottawa.on.ca 
http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPk/3z4qHRg3pndX9AQGjMgQA7XH3zLgYHKM+PqXzoN2A8AWC3CZNgsrf U+lyCOtkOOZ0zhXMhC8GdrhvD9yUGqZZtNe/arrvjs4jMxrFQYWZA5CYFrZVdF9W FSaeDw36owvDUsNDkXCDNtBfpiUEKaH2hsRHE6Yvfl3i48sm+pQmQ1ShonKr5rv4 9cIaZFahtzQ=
=Ez3E
-----END PGP SIGNATURE-----


Design mailing list
Design@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/design Received on Mon Feb 17 18:29:21 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:32 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library