Ploxiln at 23:16, 7 February 2007

2007-02-07T23:16:40Z

←Older revision		Revision as of 23:16, 7 February 2007

	When access is allowed all checks that do not match the rule will fail.		When access is allowed all checks that do not match the rule will fail.

-	In my limited experience, a ''Permit'' rule works precisely this way, it immediately blocks any connection which does not match the rule. One effect of this is that if two ''Permit'' rules are created, which do not "overlap" in what addresses they apply to, no connections can be made, because even if one ''Permit'' rule allows a connection, the other would ''deny'' it. This is a bit confusing. The upshot is that it is hardly every practical to have more than one ~~allow~~ rule.	+	In my limited experience, a ''Permit'' rule works precisely this way, it immediately blocks any connection which does not match the rule. One effect of this is that if two ''Permit'' rules are created, which do not "overlap" in what addresses they apply to, no connections can be made, because even if one ''Permit'' rule allows a connection, the other would ''deny'' it. This is a bit confusing. The upshot is that it is hardly every practical to have more than one ''Permit'' rule.

	There is no order to the rules, and order doesn't matter, because every connection is checked against every security rule, and denied as soon as denies it or doesn't permit it.		There is no order to the rules, and order doesn't matter, because every connection is checked against every security rule, and denied as soon as denies it or doesn't permit it.

Ploxiln at 23:15, 7 February 2007

2007-02-07T23:15:44Z

New page

The '''Security''' tab of Phex 3 allows one to create ''Deny'' and ''Permit'' rules. It's somewhat obvious how ''Deny'' rules work, but ''Permit'' rules are less straight forward.

To quote the documentation present in Phex svn:

When access is denyed all checks that are matched with the rule will fail.
When access is allowed all checks that do not match the rule will fail.

In my limited experience, a ''Permit'' rule works precisely this way, it immediately blocks any connection which does not match the rule. One effect of this is that if two ''Permit'' rules are created, which do not "overlap" in what addresses they apply to, no connections can be made, because even if one ''Permit'' rule allows a connection, the other would ''deny'' it. This is a bit confusing. The upshot is that it is hardly every practical to have more than one allow rule.

There is no order to the rules, and order doesn't matter, because every connection is checked against every security rule, and denied as soon as denies it or doesn't permit it.

(This is how security rules currently work for me, if I'm wrong or this is later fixed, I apologize. [[User:Ploxiln|Ploxiln]])

HowSecurityRulesWork - Revision history

Ploxiln at 23:16, 7 February 2007

Ploxiln at 23:15, 7 February 2007