Hello All,

First, I would like to thank all those that responded. It was amazing. The first response came in less than an hour and it had great info! This list rocks.

I asked two questions:

1) Why was traffic getting through when it clearly should not based on my rules? I was using '*' as the service for all of my rules.

First, there is a patch for SunScreen Lite. One of the things it addresses is an issue with '*' as service. As of this writing it's:

Patch ID    Updated    Description
109737-05   7/25/2001  SunScreen 3.1 LITE (Intel) miscellaneous fixes
109736-05   7/25/2001  SunScreen 3.1 LITE (Sparc) miscellaneous fixes

Available at http://sunsolve.sun.com/

And second, when using '*' as the service you lose stateful checking. It's best to stay away from '*' for the service.

2) How to get the logging to show which rule matched?

You can't :( But you can turn logging on and off, or set an SNMP trap for the rule you're testing.

Also, it was pointed out that Sun has a "blueprint" for using SunScreen Lite 3.1 as a host-based firewall. I found it very useful. It's at http://www.sun.com/security/blueprints/#sunscreenlite

Several folks gave pointers to using the CLI for management. The CLI is MUCH easier to use than the GUI!

Thanks again to those that responded!

odk
--
Oscar D. Knight                  knightod@appstate.edu
Network Support Services         Voice: 828-262-6946
Appalachian State University, Boone, NC 28608
FAX: 828-262-2236

Received on Tue Nov 20 01:47:46 2001