Thomas Woerner wrote:
> Roberto Ragusa wrote:
>> //A
>> if(port==(20-21)) PERMIT;
>> //B
>> if(port==(20-21) && net==trusted) PERMIT;
>> //default
>> DENY;
> A wins here. The first matching rule will be used. Therefore there is no
> restriction for a trusted network. So your ftp server will be available
> for everyone - even in a public wifi.

And this is exactly what should happen.
B is trying to give permissions to some machines, but it is useless,
as A is giving permission to everyone.

If it were:

//B
if(port==(20-21) && net==trusted) PERMIT;
//A
if(port==(20-21)) PERMIT;
//default
DENY;

then B would give permission to some machines and A would give
permission to all the others, so even if the decision process is
a little different the final result is the same as before.
The ftp server is available for everyone.

Good, so A is doing its job. :-)

--
   Roberto Ragusa    mail at robertoragusa.it
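The rule-ordering argument in this message, as an added example that is not part of the original post: a first-match evaluator over rules A and B that reports which rule is shadowed in each order and shows the effective policy is identical. The tuple layout, the network labels and the extra sample port 22 are assumptions made for illustration.

```python
from itertools import product

# Rules modelled on the thread's pseudocode: (name, ports, required_net, action).
# required_net=None means "any network". Names and structure are illustrative.
FTP = frozenset({20, 21})
A = ("A", FTP, None, "PERMIT")
B = ("B", FTP, "trusted", "PERMIT")
DEFAULT = "DENY"


def matches(rule, port, net):
    _, ports, required_net, _ = rule
    return port in ports and required_net in (None, net)


def decide(rules, port, net):
    """First-match evaluation: return (action, name of the deciding rule)."""
    for rule in rules:
        if matches(rule, port, net):
            return rule[3], rule[0]
    return DEFAULT, "default"


def covers(earlier, later):
    """True if every packet matched by `later` is also matched by `earlier`."""
    return later[1] <= earlier[1] and earlier[2] in (None, later[2])


def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [later[0] for i, later in enumerate(rules)
            if any(covers(earlier, later) for earlier in rules[:i])]


def policy(rules, ports=(20, 21, 22), nets=("trusted", "public")):
    """Effective action for each constructed sample packet."""
    return {(p, n): decide(rules, p, n)[0] for p, n in product(ports, nets)}


if __name__ == "__main__":
    for order in ([A, B], [B, A]):
        names = [r[0] for r in order]
        print(names, "shadowed:", shadowed(order), policy(order))
```

A shadowed-rule report like this is a quick audit check: a narrower PERMIT that never fires usually means a broader rule above it is granting more access than the narrower rule's author intended.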